Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Response to Arguments
Applicant’s arguments with respect to claim(s) have been considered but are not persuasive.
Applicant argues as per claim 1 the prior art does not teach analyzing telemetry data including whether an agent was securely activated as part of a secure boot. 
Examiner incorporates previously relied upon reference Vasudevan US 2016/0259941 to meet the claims as amended.
Applicant states with regard to Vasudevan: “Vasudevan simply describes proof that a device was booted securely, however that is not the same as analyzing telemetry data …. And then using this information to determine whether to route a communications session via zero trust access…”

Examiner asserts that the latter portion of the argument is irrelevant as the Applicant has removed the routing claim limitations from claims 1 and 15. Examiner disagrees that Vasudevan simply describes proof. Examiner asserts that Vasudevan teaches providing “measurements” along the lines of telemetry, and states that the agent is specifically verified. Therefore Examiner asserts Vasudevan meets the claims as amended. Examiner also asserts that Dupont may be relied upon to teach additional telemetry data.

Applicant argues as per claim 9 that the claim amendments and specification imply an application that makes a plurality of service connections where each connection has its own tailored mode of secure communication. Applicant argues that Dupont fails to anticipate the claim limitations because Dupont teaches determining the connection mode in the authentication phase of the session connection. Applicant minimally addresses Pham.
Examiner asserts that the claim limitation “application established or is establishing a communication session” is broad enough that a reasonable interpretation would include an authentication session as part of establishing a communication session. Thus Dupont reads on the claims as amended. Examiner asserts that the claims as stated only recite the application establishing multiple sessions, and *not* simultaneous sessions as implied by the Applicant. For example, an application may establish a first communication session with a first service, and later establish a second communication session with a second service, and have the same, or different, results based on policy and operations.
Examiner asserts that Pham more clearly articulates the term “session” and includes authentication as part of the “session”.



Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.



Claims 9, 11, 12 is/are rejected under 35 U.S.C. 103 as being unpatentable over Dupont US 2009/0307753 in view of Pham US 6,678,828.


As per claim 9. Dupont teaches A system comprising: one or more processors; and one or more non-transitory computer-readable media storing computer-executable instructions that, when executed by the one or more processors, cause the one or more processors to: receive telemetry data associated with a client device of an enterprise from at least an agent running locally on the client device, the telemetry data indicating a state/posture of a communication session between an application on the client device and an application service; analyze the telemetry data to determine a security posture of the communication session between the application and the application service; determine an operation to perform with respect to the communication session based at least in part on the security posture; and instruct the agent running locally on the client device to perform the operation with respect to the communication session; Dupont teaches disallowing the application from communicating with the network based resource or allowing the application to establish the communication session with the network based resource via zero trust access.  [0008] [0023][0043][0048][0049][0052][0054] [0058][0059]  (user must scan using local agent, telemetry data is analyzed to determine security posture, if scan fails, then operation/remediation must be performed before access is granted; teaches communication and instructions of operation sent from network controller to agent program)


Pham teaches determining that the application established or is establishing a first communication session with a first application service, determine that the application established or is establishing a second communication with a second application service, determining at the network controller and based on the second application service and a security posture, a second operation to perform with respect to the application attempting to establish the second communication session (Column 3 lines 10-38; Column 6 lines 1-11, 34-47; Column 10 lines 8-25) (Pham explicitly teaches a communication session with an application service, authentication, and determining compliance and security of the application, determining if a security action should be taken; more explicitly teaches granting access, limited access, and rejection access based off of authentication and attempted communication sessions with application services, teaches communication between network controller and agent)
It would have been obvious to one of ordinary skill in the art at the time the invention was filed to use the security methods of Pham with Dupont because it enhances the security of the system.


As per claim 11. Dupont teaches The system of claim 9, comprising further computer-executable instructions that, when executed by the one or more processors, cause the one or more processors to: receive the telemetry data from a network-based resource, the telemetry data comprising a DNS record, a SSO record, a NetFlow record from a router carrying traffic of the client device, information associate with a service obtained through an open API, or a user status obtained from an identity provider, the user status comprising a right of the user to a service of the enterprise. [0049][0053] (teaches authenticating users/location/machine for access, and or user roles for a specific systems)

As per claim 12. Dupont teaches The system of claim 9, comprising further computer-executable instructions that, when executed by the one or more processors, cause the one or more processors to: dynamically change the first communication session and the second communication session from a direct Internet access with lean-trust security to an Internet access over a virtual private network (VPN), or vice versa, based at least in part on the security posture of the communication session; and change the first communication session and the second communication session to denied Internet access when the security posture is compromised past a threshold. [0052][0055][0066][0068] (teaches restricting access to specific VPN until security posture passes inspection and then given full access, and vice versa and disconnection)


Claims 1-7, 10, 13, 15-18 is/are rejected under 35 U.S.C. 103 as being unpatentable over Dupont US 2009/0307753 in view of Pham US 6,678,828 in view of Vasudevan US 2016/0259941.


As per claim 1. Dupont teaches A method, comprising: establishing communication between a client device and a network-based resource of an enterprise; obtaining telemetry data associated with the client device from at least one of an agent running locally on the client device or the network-based resource of the enterprise, the telemetry data indicating a state/posture of a communication session between an application on the client device and an application service; analyzing the telemetry data to determine a security posture of the communication session between the application and the application service; determining an operation to perform with respect to the communication session based at least in part on the security posture; and performing the operation with respect to the communication session. 
Dupont teaches disallowing the application from communicating with the network based resource or allowing the application to establish the communication session with the network based resource via zero trust access.  [0008] [0023][0043][0048][0049][0052][0058][0059]  (user must scan using local agent, telemetry data is analyzed to determine security posture, if scan fails, then operation/remediation must be performed before access is granted)

Pham teaches determining that the application is connecting to an application service to establish a communication session associated with the network based resource and determining at least in part on the application service and the security posture and operation to perform.  (Column 3 lines 10-38; Column 6 lines 1-11, 34-47; Column 10 lines 8-25) (Pham explicitly teaches a communication session with an application service, authentication, and determining compliance and security of the application, determining if a security action should be taken)
It would have been obvious to one of ordinary skill in the art at the time the invention was filed to use the security methods of Pham with Dupont because it enhances the security of the system.

Vasudevan teaches wherein analyzing the telemetry data includes validating whether the agent was securely activated as part of a secure boot function of the client device. [0009][0021][0031][0032][0038][0039][0041] (teaches a TPM with secure boot function where the network based resource validates the verification boot agent and security posture)
It would have been obvious to one of ordinary skill in the art at the time the invention was filed to use the telemetry data of Vasudevan with Dupont because it increases the security of communicating between networks by ensuring the first party is free of malware [0001]-[0003].
As per claim 2. Dupont teaches receiving an indication from a security controller of the enterprise executing in collaboration with the agent running locally on the client device. (teaches Network Access Controller which may be used as an Enterprise access controller) [0006] [0043][0059]

Pham teaches receiving an indication of the operation from a security controller executing in collaboration with the agent (Column 3 lines 10-45)  (alerts, security actions)

As per claim 3. Vasudevan teaches The method of claim 1, wherein obtaining the telemetry data comprises receiving local information collected by the agent running locally on the client device, the local information comprising a security state of a hosting environment, an authentication of the hosting environment, an evidence of tampering, a security posture of system calls executed on the client device, a socket maintenance metric, an operating system release, an availability of a trusted platform module (TPM), a verification of a secure boot function, DNS information, an ambient environment of the client device, an SSID, or a cellular network identity. [0031][0032][0038][0039][0041] (teaches a TPM with secure boot function where the network based resource validates the verification boot agent and security posture)
It would have been obvious to one of ordinary skill in the art at the time the invention was filed to use the telemetry data of Vasudevan with Dupont because it increases the security of the system.

As per claim 4. Dupont teaches the method of claim 1, wherein obtaining the telemetry data comprises collecting information at the network-based resource, the information comprising a DNS record, a SSO record, a NetFlow record from a router carrying traffic of the client device, information associated with the application service obtained through an open API, or a user status comprising a standing of the user within the enterprise. [0049][0053] (teaches authenticating users/location/machine for access, and or user roles for a specific systems)

As per claim 5. Dupont teaches The method of claim 1, wherein performing the operation based at least in part on the security posture comprises dynamically changing the communication session from direct Internet access with lean-trust security to Internet access over a virtual private network (VPN), or vice versa. [0052][0055][0066] (teaches restricting access to specific VPN until security posture passes inspection and then given full access, and vice versa)

As per claim 6. Dupont teaches The method of claim 5, further comprising dynamically changing the communication session to denied Internet access based at least in part on the security posture. [0052] (disconnect from network)

As per claim 7. Vasudevan teaches The method of claim 1, further comprising installing or activating the agent running locally on the client device as part of a secure boot function of the client device, wherein the controller monitors and validates the security of the secure boot function, and the security posture of the agent when the secure boot function is validated as secure. [0031][0032][0038][0039][0041] (teaches a TPM with secure boot function where the network based resource validates the verification boot agent and security posture)

As per claim 10. Vasudevan teaches The system of claim 9, comprising further computer-executable instructions that, when executed by the one or more processors, cause the one or more processors to: receive the telemetry data local to the client device, the telemetry data comprising a security state of a hosting environment, an authentication of the hosting environment, an evidence of tampering, a security posture of system calls executed on the client device, a socket maintenance metric, an operating system release, an availability of a trusted platform module (TPM), a verification of a secure boot function, DNS information, an ambient environment of the client device, an SSID, or a cellular network identity. [0031][0032][0038][0039][0041] (teaches a TPM with secure boot function where the network based resource validates the verification boot agent and security posture)

As per claim 13. Vasudevan teaches The system of claim 9, comprising further computer-executable instructions that, when executed by the one or more processors, cause the one or more processors to: install or activate the agent to run locally on the client device as part of a secure boot function of the client device; and monitor and validate the security of the secure boot function and the security posture of the agent when the secure boot function is validated as secure. [0031][0032][0038][0039][0041] (teaches a TPM with secure boot function where the network based resource validates the verification boot agent and security posture)



As per claim 15. Dupont teaches A client device of an enterprise, comprising: one or more processors; and one or more non-transitory computer-readable media storing computer-executable instructions that, when executed by the one or more processors, cause the one or more processors to: establish communication with a network-based resource of the enterprise; send telemetry data from the client device to the network-based resource for an analysis, the telemetry data indicating a state/posture of a communication session between an application on the client device and an application service; receive a determination of a security posture of the communication session from the network-based resource; determine an operation to perform with respect to the communication session based at least in part on the security posture; and perform the operation with respect to the communication session. Dupont teaches disallowing the application from communicating with the network based resource or allowing the application to establish the communication session with the network based resource via zero trust access.  [0008] [0023][0043][0048][0049][0052][0058][0059]  (user must scan using local agent, telemetry data is analyzed to determine security posture, if scan fails, then operation/remediation must be performed before access is granted)
Pham teaches determining that the application is connecting to an application service to establish a communication session associated with the network based resource and determining at least in part on the application service and the security posture and operation to perform.  (Column 3 lines 10-38; Column 6 lines 1-11)   (Pham explicitly teaches a communication session with an application service, authentication, and determining compliance and security of the application, determining if a security action should be taken)
It would have been obvious to one of ordinary skill in the art at the time the invention was filed to use the security methods of Pham with Dupont because it enhances the security of the system.
Vasudevan teaches wherein analyzing the telemetry data includes validating whether the agent was securely activated as part of a secure boot function of the client device. [0031][0032][0038][0039][0041] (teaches a TPM with secure boot function where the network based resource validates the verification boot agent and security posture)
It would have been obvious to one of ordinary skill in the art at the time the invention was filed to use the telemetry data of Vasudevan with Dupont because it increases the security of communicating between networks by ensuring the first party is free of malware [0001]-[0003].

As per claim 16. Vasudevan teaches The client device of claim 15, comprising further computer-executable instructions that, when executed by the one or more processors, cause the one or more processors to: send telemetry data comprising local information collected by an agent of the client device running locally on the client device, the local information comprising a security state of a hosting environment, an authentication of the hosting environment, a security state of a virtual machine, an evidence of tampering, a security posture of system calls executed on the client device, a socket maintenance metric, an operating system release, an availability of a trusted platform module (TPM), a verification of a secure boot function, DNS information, an ambient environment of the client device, an SSID, or a cellular network identity. [0031][0032][0038][0039][0041] (teaches a TPM with secure boot function where the network based resource validates the verification boot agent and security posture)

As per claim 17. Vasudevan teaches The client device of claim 16, comprising further computer-executable instructions that, when executed by the one or more processors, cause the one or more processors to: install or activate the agent running locally on the client device as part of a secure boot function of the client device, wherein the network-based resource monitors and validates the security of the secure boot function and the security posture of the agent when the secure boot function is validated as secure. [0031][0032][0038][0039][0041] (teaches a TPM with secure boot function where the network based resource validates the verification boot agent and security posture)

As per claim 18. Dupont teaches The client device of claim 15, comprising further computer-executable instructions that, when executed by the one or more processors, cause the one or more processors to: dynamically change the communication session from a direct Internet access with lean-trust security to an Internet access over a virtual private network (VPN), or vice versa, based at least in part on the security posture of the communication session; and change the communication session to denied Internet access when the security posture is compromised past a threshold. [0052][0055][0066] (teaches restricting access to specific VPN until security posture passes inspection and then given full access, and vice versa and disconnection)

Claims 14 is/are rejected under 35 U.S.C. 103 as being unpatentable over Dupont US 2009/0307753 in view of Pham US 6,678,828 in view of Sharifi Mehr US 10,812,521.

As per claim 14. Sharifi Mehr teaches The system of claim 9, comprising further computer-executable instructions that, when executed by the one or more processors, cause the one or more processors to: assess the security posture of each communication session of each application communicating with an application service on each client device through a statistical audit process; and enforce an instance of the operation on each communication session of each instance of the application with respect to the application service on each client device across the enterprise.  (Column 6 line 60 to Column 7 line 27; Column 25 lines 1-35; Column 26 lines 12-25)  (teaches audit logs among a fleet of devices analyzing security postures and enforcing remediation)
It would have been obvious to one of ordinary skill in the art at the time the invention was filed to use the teachings of Sharifi Mehr with Dupont because it increases security and allows for widespread remediation of security flaws.

Claims 8, 19, 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Dupont US 2009/0307753 in view of Pham US 6,678,828 in view of Vasudevan US 2016/0259941 in view of Sharifi Mehr US 10,812,521.

As per claim 8. Sharifi Mehr teaches The method of claim 1, further comprising, at the controller, assessing the security posture of each communication session of each application communicating with an application service on each client device of the enterprise through a statistical audit process; and enforcing an instance of the operation on each communication session of each instance of the application with respect to the application service on each client device across the enterprise. (Column 6 line 60 to Column 7 line 27; Column 25 lines 1-35; Column 26 lines 12-25)  (teaches audit logs among a fleet of devices analyzing security postures and enforcing remediation)
Dupont teaches enforcement using audit logs [0006].
It would have been obvious to one of ordinary skill in the art at the time the invention was filed to use the teachings of Sharifi Mehr with Dupont because it increases security and allows for widespread remediation of security flaws.

As per claim 19. Sharifi Mehr teaches The client device of claim 15, comprising further computer-executable instructions that, when executed by the one or more processors, cause the one or more processors to: send telemetry data from the client device to the network-based resource for a statistical audit process of telemetry data from multiple client devices of the enterprise with respect to communication sessions of an application on multiple client devices; and receive a security posture from the network-based resource for a communication session between the application and the application service.  (Column 6 line 60 to Column 7 line 27; Column 25 lines 1-35; Column 26 lines 12-25)  (teaches audit logs among a fleet of devices analyzing security postures and enforcing remediation)
As per claim 20. Sharifi Mehr teaches The client device of claim 19, comprising further computer-executable instructions that, when executed by the one or more processors, cause the one or more processors to: dynamically change communication sessions across multiple instances of the application on multiple client devices of the enterprise from direct Internet access with lean-trust security to Internet access over a virtual private network (VPN), or vice versa, based on the security posture based in turn on the statistical audit process. (Column 6 line 60 to Column 7 line 27; Column 25 lines 1-35; Column 26 lines 12-25)  (teaches audit logs among a fleet of devices analyzing security postures and enforcing remediation)

Dupont teaches performing the operation based at least in part on the security posture of the communication session comprises dynamically changing the communication session from direct Internet access with lean-trust security to Internet access over a virtual private network (VPN), or vice versa. [0052][0055][0066] (teaches restricting access to specific VPN until security posture passes inspection and then given full access, and vice versa)

Conclusion

Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHRISTOPHER BROWN whose telephone number is (571)272-3833. The examiner can normally be reached M-F 8-5.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached on (571) 270-5002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/CHRISTOPHER J BROWN/Primary Examiner, Art Unit 2439

Claims 3, 7, 10, 13, 16, 17 is/are rejected under 35 U.S.C. 103 as being unpatentable over Dupont US 2009/0307753 in view of Pham US 6,678,828 in view of Vasudevan US 2016/0259941.