DETAILED ACTION
This Office Action is in response to the communication filed on 07/08/2020. 
Claims 1-21 are pending. 
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claim Interpretation
The following is a quotation of 35 U.S.C. 112(f): 
(f) ELEMENT IN CLAIM FOR A COMBINATION.—An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. 

The following is a quotation of pre-AIA  35 U.S.C. 112, sixth paragraph: 
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.

The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art. The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is invoked. 
As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph: 
(A) the claim limitation uses the term "means" or "step" or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function; 
(B) the term "means" or "step" or the generic placeholder is modified by functional language, typically, but not always linked by the transition word "for" (e.g., "means for") or another linking word or phrase, such as "configured to" or "so that"; and 
(C) the term "means" or "step" or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. 
Use of the word "means" (or "step") in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function.
Absence of the word "means" (or "step") in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function.
Claim limitations in this application that use the word "means" (or "step") are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word "means" (or "step") are not being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action.
This application includes one or more claim limitations that do not use the word "means," but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, because the claim limitations use a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier. Such claim limitations are: "threat management facility" as recited in claims 1-5, 8, and 13.  
Because these claim limitations are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, they are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof. A review of the specification shows that the following appears to be the corresponding structure described in the specification for the 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph limitations: e.g. figs. 1-7, and [0020], [0039], [0055]-[0056], [0067]-[0069], [0075]-[0077], [0103] of the specification.
If applicant does not intend to have these limitations interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, applicant may: (1) amend the claim limitations to avoid them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitations recite sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph.
Claim Objections
Claims 14, 16, and 17-18 are objected to because of the following informalities: 
"the steps of" as recited in claim 14 should read "steps of".
There is insufficient antecedent basis for the limitation "the remote resource" as recited in claim 16.
There is insufficient antecedent basis for the limitation "the compute instance requests" as recited in claims 17-18.
Appropriate correction is required.
Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.

Claims 1, 3-5, 9-12, and 14-18 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Lee (US 2008/0301794).
Claim 1, Lee teaches:
A system comprising:
a firewall coupled to a first network interface and a second network interface, the firewall associated with a first enterprise network and coupled to the first enterprise network through the first network interface, and the firewall coupled to a public internetwork through the second network interface; (e.g. fig. 8, [0061], "The collaboration system 800 can be a networked system including a plurality of autonomous collaboration networks 810a, 810b. Each network 810a, 810b can be hosted by an enterprise, which is typically protected by at least one firewall 160. In another embodiment, one enterprise can host more than one collaboration network 810a, 810b. For example, Enterprise A and Enterprise B can be subsidiaries or subdivisions of a single enterprise. Each collaboration network, e.g., 810a, is configured to communicate with other collaboration networks 810b over a public network, such as the Internet 110")
a compute instance associated with a second enterprise network, the compute instance coupled through the first enterprise network to the first network interface of the firewall; and (e.g. fig. 8, [0062], "each collaboration network, e.g., 810a, includes at least one collaboration server 820a that supports a plurality of clients 120a. Each client 120a is registered to a collaboration server, e.g., 820a, such that the server 820a is aware of each of its clients 120a, and can receive and provide information from and to each registered client 120a" [0063], "each collaboration server, e.g., 820a, in a collaboration network 810a is configured to communicate securely with other collaboration servers 820b in another network 810b, such that secure inter-network data exchange is facilitated. For example, presence information of a client in Enterprise A (120a) can be sent from a collaboration server in Enterprise A (820a) to a client in Enterprise B (120b) via the collaboration server in Enterprise B (820b). The secure inter-network communication can involve two or more collaboration networks 810a, 810b to form one collaboration session" [0064], "secure resources 154a-154c in a secure data center 150 can be accessed and shared amongst the clients 120a, 120b in a collaboration session…the RA service 600 described above can be integrated in at least one collaboration server, e.g., 820b, so that a remote client, e.g., 120a, can have visual access to a resource, e.g., 154a, in the secure data center 150 during the collaboration session")
a threat management facility coupled in a communicating relationship with the firewall, the threat management facility configured to provide security services for each of the first enterprise network associated with the firewall and the second enterprise network associated with the compute instance, and the threat management facility further configured to cryptographically verify an association between the compute instance and the second enterprise network as a condition for access by the compute instance to the public internetwork through the firewall. (e.g. fig. 8, [0066], "the call identifies, among other things, the second client 120b, referred to as "the invitee," and an address associated with the invitee 120b. In one version, the call can include such information as: [0067] Invitee ID [0068] ID of invitee's collaboration server [0069] Inviter ID [0070] ID of inviter's collaboration server [0071] Security information (e.g. security key index, encryption scheme)" [0072]-[0075], "The collaboration session address can be used to identify the client 120a, 120b for the purpose of establishing a collaboration session, and can include, for example, a user name associated with the client 120a, 120b and a domain ID associated with the collaboration network 810a, 810b in which the client 120a, 120b resides…When the request is received, the first client's collaboration server 820a processes the request…a session manager component 912 in the remote access/collaboration (RAC) service 900 receives the request and authenticates the first client 120a using, in one embodiment, the client authentication handler component 916 described earlier. When the first client 120a is authenticated, the session manager 912 can create a first session including the first client 120a…Prior to sending the call, the session manager 912 can perform a security check using the security policy manager component 918…to ensure compliance with security policies for Enterprise A. For example, the security policy manager 918 can determine whether a collaboration session involving Enterprise B is allowed. When no policies are violated, the call is sent over the Internet 110 to the RAC service 900 in the second client's collaboration server 820b" [0078]-[0081], "When one or both clients 120a, 120b require access to secure resources 154 in the secure data center 150, the RAC service 900 in the collaboration server 820b associated with the secure data base 150 receives a request from a client, e.g., the second client 120b, to establish a session for accessing secure resources 154 in the secure data center 150…the session manager component 912 in the RAC service 900 processes the request by authenticating the requesting client 120b and determining whether the requesting client 120b is authorized to access the secure resources 154. When the requesting client 120b is authenticated and authorized, the session manager component 912 can, in one embodiment, create the session and direct the data access handler component 914 to send an instruction to the visual access service 500 to create a data access point for the session associated with the requesting client 120b…The visual data is received by the RAC service 900 and sent to the requesting client 120b where it is received and displayed on the requesting client 120b to the user…because the first client 120a and the second client 120b are participants in an interactive collaboration session, the RAC service 900 can send the visual data displayed on the second client 120b to the first client 120a via the interactive collaboration session…where it is received and displayed on the first client 120a to the user")
Claim 3, this claim is directed to a system containing similar limitations as recited in claim 1 and is rejected for similar rationale.
Claim 4, Lee teaches: 
wherein the first data network is a public internetwork and the second data network is the second enterprise network, the system further comprising an application server in the second enterprise network configured to respond to network requests through the firewall from devices coupled to the public internetwork, wherein the threat management facility is configured to verify the association between the compute instance and the first enterprise before authorizing access by the compute instance to the application server through the firewall. (e.g. fig. 8, [0061], [0063], [0072]-[0075], [0078]-[0081])
Claim 5, Lee teaches:
wherein the first data network is the second enterprise network associated with the second enterprise of the firewall, wherein the second data network is a public internetwork, and wherein the threat management facility is configured to verify the association between the compute instance and the first enterprise before authorizing access by the compute instance through the firewall to the public internetwork. (e.g. fig. 8, [0061], [0072]-[0075], [0078]-[0081])
Claim 9, Lee teaches:
wherein the firewall is a web application firewall for an application server coupled to the second enterprise network and communicating with a public internetwork through the web application firewall. (e.g. [0054], [0061]-[0064], [0077]-[0078])
Claim 10, Lee teaches:
wherein the first data network is a public internetwork. (e.g. [0061], [0074])
Claim 11, Lee teaches:
wherein the second data network is a public internetwork. (e.g. [0061], [0074])
Claim 12, Lee teaches:
wherein the threat management facility is a remote resource coupled to the firewall through a public internetwork. (e.g. [0061]-[0062], [0065], [0073])
Claim 14, Lee teaches: 
A computer program product comprising computer executable code embodied in a non-transitory computer readable medium that, when executing on one or more computing devices, performs the steps of:
receiving a request from a compute instance associated with a first enterprise network at a firewall associated with a second enterprise network different than the first enterprise network, the request received through the second enterprise network and addressed to a network resource coupled to a public internetwork separated from the second enterprise network by the firewall; (e.g. fig. 8, [0065], "the collaboration server, e.g., 820a, for a first client in Enterprise A, receives a request to call a second client 120b inviting the second client 120b to engage in a collaboration session…the second client 120b is registered on a collaboration server 820b in Enterprise B. Accordingly, the first and second clients 120a, 120b reside in different networks 810a, 810b" [0073], "When the request is received, the first client's collaboration server 820a processes the request…a session manager component 912 in the remote access/collaboration (RAC) service 900 receives the request and authenticates the first client 120a using, in one embodiment, the client authentication handler component 916 described earlier. When the first client 120a is authenticated, the session manager 912 can create a first session including the first client 120a" [0078]-[0081], "When one or both clients 120a, 120b require access to secure resources 154 in the secure data center 150, the RAC service 900 in the collaboration server 820b associated with the secure data base 150 receives a request from a client, e.g., the second client 120b, to establish a session for accessing secure resources 154 in the secure data center 150…the session manager component 912 in the RAC service 900 processes the request by authenticating the requesting client 120b and determining whether the requesting client 120b is authorized to access the secure resources 154. When the requesting client 120b is authenticated and authorized, the session manager component 912 can, in one embodiment, create the session and direct the data access handler component 914 to send an instruction to the visual access service 500 to create a data access point for the session associated with the requesting client 120b…The visual data is received by the RAC service 900 and sent to the requesting client 120b where it is received and displayed on the requesting client 120b to the user…because the first client 120a and the second client 120b are participants in an interactive collaboration session, the RAC service 900 can send the visual data displayed on the second client 120b to the first client 120a via the interactive collaboration session…where it is received and displayed on the first client 120a to the user")
verifying an association of the compute instance with the first enterprise network with a cryptographic authentication of the compute instance at a remote threat management facility coupled to the firewall through the public internetwork; (e.g. fig. 8, [0066], "the call identifies, among other things, the second client 120b, referred to as "the invitee," and an address associated with the invitee 120b. In one version, the call can include such information as: [0067] Invitee ID [0068] ID of invitee's collaboration server [0069] Inviter ID [0070] ID of inviter's collaboration server [0071] Security information (e.g. security key index, encryption scheme)" [0072]-[0075], "The collaboration session address can be used to identify the client 120a, 120b for the purpose of establishing a collaboration session, and can include, for example, a user name associated with the client 120a, 120b and a domain ID associated with the collaboration network 810a, 810b in which the client 120a, 120b resides…When the request is received, the first client's collaboration server 820a processes the request…a session manager component 912 in the remote access/collaboration (RAC) service 900 receives the request and authenticates the first client 120a using, in one embodiment, the client authentication handler component 916 described earlier. When the first client 120a is authenticated, the session manager 912 can create a first session including the first client 120a…Prior to sending the call, the session manager 912 can perform a security check using the security policy manager component 918…to ensure compliance with security policies for Enterprise A. For example, the security policy manager 918 can determine whether a collaboration session involving Enterprise B is allowed. When no policies are violated, the call is sent over the Internet 110 to the RAC service 900 in the second client's collaboration server 820b" [0078]-[0079], "When one or both clients 120a, 120b require access to secure resources 154 in the secure data center 150, the RAC service 900 in the collaboration server 820b associated with the secure data base 150 receives a request from a client, e.g., the second client 120b, to establish a session for accessing secure resources 154 in the secure data center 150…the session manager component 912 in the RAC service 900 processes the request by authenticating the requesting client 120b and determining whether the requesting client 120b is authorized to access the secure resources 154. When the requesting client 120b is authenticated and authorized, the session manager component 912 can, in one embodiment, create the session and direct the data access handler component 914 to send an instruction to the visual access service 500 to create a data access point for the session associated with the requesting client 120b")
transmitting an authorization from the remote threat management facility to the firewall for the compute instance to access the network resource through the firewall; and in response to the authorization, transmitting the request from the compute instance through the firewall to the network resource. (e.g. fig. 8, [0066], "the call identifies, among other things, the second client 120b, referred to as "the invitee," and an address associated with the invitee 120b. In one version, the call can include such information as: [0067] Invitee ID [0068] ID of invitee's collaboration server [0069] Inviter ID [0070] ID of inviter's collaboration server [0071] Security information (e.g. security key index, encryption scheme)" [0072]-[0075], "The collaboration session address can be used to identify the client 120a, 120b for the purpose of establishing a collaboration session, and can include, for example, a user name associated with the client 120a, 120b and a domain ID associated with the collaboration network 810a, 810b in which the client 120a, 120b resides…When the request is received, the first client's collaboration server 820a processes the request…a session manager component 912 in the remote access/collaboration (RAC) service 900 receives the request and authenticates the first client 120a using, in one embodiment, the client authentication handler component 916 described earlier. When the first client 120a is authenticated, the session manager 912 can create a first session including the first client 120a…Prior to sending the call, the session manager 912 can perform a security check using the security policy manager component 918…to ensure compliance with security policies for Enterprise A. For example, the security policy manager 918 can determine whether a collaboration session involving Enterprise B is allowed. When no policies are violated, the call is sent over the Internet 110 to the RAC service 900 in the second client's collaboration server 820b" [0078]-[0081], "When one or both clients 120a, 120b require access to secure resources 154 in the secure data center 150, the RAC service 900 in the collaboration server 820b associated with the secure data base 150 receives a request from a client, e.g., the second client 120b, to establish a session for accessing secure resources 154 in the secure data center 150…the session manager component 912 in the RAC service 900 processes the request by authenticating the requesting client 120b and determining whether the requesting client 120b is authorized to access the secure resources 154. When the requesting client 120b is authenticated and authorized, the session manager component 912 can, in one embodiment, create the session and direct the data access handler component 914 to send an instruction to the visual access service 500 to create a data access point for the session associated with the requesting client 120b…The visual data is received by the RAC service 900 and sent to the requesting client 120b where it is received and displayed on the requesting client 120b to the user…because the first client 120a and the second client 120b are participants in an interactive collaboration session, the RAC service 900 can send the visual data displayed on the second client 120b to the first client 120a via the interactive collaboration session…where it is received and displayed on the first client 120a to the user")
Claim 15, this claim is directed to a method containing similar limitations as recited in claim 14 and is rejected for similar rationale.
Claim 16, Lee teaches: 
wherein the remote resource is a web application separated from a public network by the firewall. (e.g. [0054], [0077]-[0078], claim 7)
Claim 17, Lee teaches:
wherein the compute instance is coupled to the second enterprise network of the firewall, and the compute instance requests access through the firewall to a remote resource on a public internetwork. (e.g. fig. 8, [0061]-[0064], [0073], [0078]-[0079])
Claim 18, Lee teaches:
wherein the compute instance is coupled to the firewall through a public internetwork, and the compute instance requests access to a web application hosted through the firewall. (e.g. fig. 8, [0054], [0061]-[0064], [0073], [0077]-[0079])
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 2 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Lee (US 2008/0301794) in view of Wang (US 2010/0095361).
Claim 2, Lee teaches wherein the threat management facility cryptographically verifies the association between the compute instance and the second enterprise network, and authenticate the compute instance (see above), Lee does not appear to explicitly teach but Wang teaches:
using a transport layer security handshake protocol to authenticate. (e.g. [0030])
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings described by Wang into the invention of Lee, and the motivation for such an implementation would be for the purpose of improving existing security measures establishing a predetermined tunnel with a firewall to send signaling messages to the firewall (Wang [0036]-[0037]).
Claim 20, Lee teaches the firewall, the compute instance, and verifying the association of the compute instance with the first enterprise network includes authenticating the compute instance (see above) and does not appear to explicitly teach but Wang teaches: 
authenticating in a transport layer security handshake between a compute instance and a firewall. (e.g. [0030])
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings described by Wang into the invention of Lee, and the motivation for such an implementation would be for the purpose of improving existing security measures establishing a predetermined tunnel with a firewall to send signaling messages to the firewall (Wang [0036]-[0037]).
Claims 6-7 and 13 are rejected under 35 U.S.C. 103 as being unpatentable over Lee (US 2008/0301794) in view of Jennings et al. (US 8,161,547).
Claim 6, Lee teaches the threat management facility, the compute instance, the firewall, and wherein the association between the compute instance and the first enterprise is verified (see above) and does not appear to explicitly teach but Jennings teaches: 
verified by a signed certificate provided by a facility to a compute instance for presentation to a firewall. (e.g. col. 4 ll. 38-col. 5 ll. 12, col. 7 ll. 1-43)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings described by Jennings into the invention of Lee, and the motivation for such an implementation would be for the purpose of monitoring network traffic to provide enhanced network security (Jennings col. 1 ll. 6-8).
Claim 7, Lee teaches the threat management facility, in response to a connection to the firewall initiated by the compute instance, and wherein the association between the compute instance and the first enterprise is verified (see above) and does not appear to explicitly teach but Jennings teaches:
verified by a signed certificate provided by a facility to a firewall in response to a connection to the firewall initiated by a compute instance. (e.g. col. 4 ll. 38-col. 5 ll. 12, col. 7 ll. 1-43)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings described by Jennings into the invention of Lee, and the motivation for such an implementation would be for the purpose of monitoring network traffic to provide enhanced network security (Jennings col. 1 ll. 6-8).
Claim 13, Lee teaches the association, the compute instance, and wherein the threat management facility is configured to verify the association between the compute instance and the first enterprise (see above) and does not appear to explicitly teach but Jennings teaches:
provide a cryptographically verifiable certificate of an association useable by a compute instance. (e.g. col. 4 ll. 38-col. 5 ll. 12, col. 7 ll. 1-43)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings described by Jennings into the invention of Lee, and the motivation for such an implementation would be for the purpose of monitoring network traffic to provide enhanced network security (Jennings col. 1 ll. 6-8).
Claims 8 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Lee (US 2008/0301794) in view of Thomas et al. (US 2019/0124042).
Claim 8, Lee teaches wherein the threat management facility is configured to conditionally authorize network access by the compute instance through the firewall (see above) and does not appear to explicitly teach but Thomas teaches: 
to assess a health state, and to conditionally authorize network access according to the health state. (e.g. [0140]-[0141], [0158], [0162], [0176])
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings described by Thomas into the invention of Lee, and the motivation for such an implementation would be for the purpose of advantageously facilitating the proactive isolation of compromised network assets (Thomas [0158]).
Claim 19, Lee teaches the compute instance, the threat management facility, and verifying the association of the compute instance with the first enterprise network (see above) and does not appear to explicitly teach but Thomas teaches:
receiving a secure heartbeat and cryptographically verifying information in the secure heartbeat. (e.g. fig. 8, [0158], [0167]-[0169], [0172])
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings described by Thomas into the invention of Lee, and the motivation for such an implementation would be for the purpose of advantageously facilitating the proactive isolation of compromised network assets (Thomas [0158]).
Claim 21 is rejected under 35 U.S.C. 103 as being unpatentable over Lee (US 2008/0301794) in view of Radpour (US 2017/0134956).
Claim 21, Lee teaches the second enterprise network and wherein verifying the association of the compute instance with the first enterprise network includes authenticating the compute instance (see above) and does not appear to explicitly teach but Radpour teaches: 
authenticating to a wireless access point using a four-way handshake. (e.g. [0080]-[0081])
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings described by Radpour into the invention of Lee, and the motivation for such an implementation would be for the purpose of providing network access via a secure wireless connection (Radpour [0003]).
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure: US 2020/0162431 discloses a system and methods of operation for providing zero-trust and zero-knowledge access between mobile and other computing devices and enterprise services without exposing configuration and authentication information about the enterprise services and client resources, removing denial of service risks, and minimizing attack surfaces of the enterprise services on the network.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to AMIE C LIN whose telephone number is (571)272-7752. The examiner can normally be reached M-F 9:00AM -5:00PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, GELAGAY SHEWAYE can be reached on (571)272-4219. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/AMIE C. LIN/Primary Examiner, Art Unit 2436