DETAILED ACTION

The present application, filed on or after March 16, 2013, is being examined under the 
first inventor to file provisions of the AIA .

This communication is responsive to the amendment filed 07/20/2022.  

Claims 1-24 are pending in this application. Claims 1, 9, 15, and 22 have been amended. 


Claim Rejections - 35 USC § 103

2.	In the event the determination of the status of the application as subject to AIA  35 U.S.C. 
102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:

A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains.  Patentability shall not be negatived by the manner in which the invention was made.


Claims 1-10 and 14-24 are rejected under 35 U.S.C. 103 as being unpatentable over Bell (US 20130219468) in view of  Momchilov et al. (US 20170339564) and further in view of Castaldo et al. (US 20080143489).

The Bell reference was cited by Applicant in the IDS filed 08/13/2020.

It is noted that any citations to specific, pages, columns, paragraphs, lines, or figures in the prior art references and any interpretation of the reference should not be considered to be limiting in any way. A reference is relevant for all it contains and may be relied upon for all that it would have reasonably suggested to one having ordinary skill in the art. See MPEP 2123.

As to claim 1:
Bell teaches a method (a method for establishing a session using a connection lease; [0010]) comprising: 

receiving connection requests at a connector appliance from a plurality of client devices to initiate virtual sessions, the connection requests including connection leases issued based upon published resource entitlements, the published resource entitlements for the plurality of client devices being stored and updated by a computing device ([0026]: As shown in FIG. 1, one or more client devices 140 may be in communication with one or more servers 106a-106n (generally referred to herein as "server(s) 106"). In one embodiment, the computing environment 100 can include an appliance installed between the server(s) 106 and client machine(s) 140. This appliance can manage client/server connections, and in some cases can load balance client connections amongst a plurality of backend servers 106; [0064]: With reference to FIG. 5, connection broker 401, acting as a lease issuer, may issue a connection lease that can be used multiple times. A connection lease may be thought of as a static assignment of a client device and/or user to a particular session host (or hosts) having a particular set of resources); 

requesting validation of the connection leases at the connector appliance from the computing device (initially, a connection broker receives a request for a session from a client device. The connection broker determines, based on an identification of the client device, one or more session hosts the client device is authorized to access, and one or more resources the client device is authorized to use on the one or more session hosts. The connection broker then generates a lease token based on the client device, the one or more session hosts, and the one or more resources, where the lease token is a self-sustaining package of data from which each of the one or more session hosts can determine whether the client device is authorized to access the one or more resources hosted by that session host… a session host receives the lease token as a request to establish a session with the client device, and the session host validates the lease token. Based on the validating, the session host sends connection information for use by the client device to establish a session with the session host, and establishes the session between the session host and the client device through which the client device accesses one or more resources hosted by the session host; [0010]); 

responsive to validation of the connection leases by the computing device, at the connector appliance, resolving the connection leases to a virtual delivery appliance, the virtual delivery appliance instead being configured to provide the client devices with access to the virtual sessions based upon connection descriptor files ([0071]: using the lease presenter 604 and lease store 602, a legacy session client 608 may establish a session using lease tokens as follows. When a user desires to establish a connection with a session host 606, the user logs in or presents authentication credentials and the session client calls the connection broker to obtain connection information, expecting to receive a typical ICA or RDP file. The lease presenter 604 intercepts the call to the connection broker and, upon verifying the user and or client's credentials, checks the lease store 602 for an existing lease token for that session client. If no lease token exists, or no lease token exists with suitable constraints (e.g., attempting to connect outside of logon hours, or with a different client device), then the lease presenter may query the connection broker 401 for a new token for the session client, and then in step 601 the lease token is stored in lease store 602; [0074]: In step 611 lease presenter 604, using the information received from session host 606, generates a standard ICA/RDP launch file (based on the protocol in use by the session client, e.g., which could also or alternatively include PCoIP, RGS by Hewlett-Packard, and the like), and sends the launch file to the session client… The session client then uses the received launch file in step 613 to establish the session with the session host and, more specifically, with the specific hosted services (desktop, application, etc.)); and 

 Bell, however, does not explicitly teach, Momchilov teaches returning a session validation from the connector appliance to the client devices for use in preparing the connection descriptor files to access the virtual sessions ([0146]: If the launch is permitted, the launch information (which may, e.g., be embodied in an ICA file) may be sent to Receiver. Seventh, XA/XD may save the tags along with the logon ticket to be used when the remote HDX session (which may, e.g., be a remote HDX WINDOWS session) is created. During remote HDX session start (which may, e.g., be a remote HDX WINDOWS session start), the tags may be used to determine applicable Session Policies; [0155]: when a user launches the application, the launch request may be sent to XA/XD via the same path (e.g., Receiver.fwdarw.StoreFront.fwdarw.XA/XD). The compliance tags may be inserted by Receiver before making Delivery Services launch requests to StoreFront. If the launch is permitted, the launch information (which may, e.g., be embodied in an ICA file) may be sent to Receiver).

It would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Bell with Momchilov because it would have provided an enrolled device with smart access to hosted applications.

The combination of Bell and Momchilov, however, does not explicitly teach, Castaldo teaches a virtual delivery appliance that is not connection lease compatible ([0148]: appliance connector 182 or 282 can be coupled to a smart connector [defined below] for the purpose of coupling the smart cables 182 or 282 or a smart wireless coupler to an internal communicating node of the appliance not directly compatible with the interface provided for by 182 or 282; [0153]; the smart coupler 1042 or smart wireless coupler can also include authentication and encryption capabilities. Authentication serves to validate the connected appliance 12 and/or external client 170, and/or applications included on the appliance and/or on the external client 170. Encryption acts as a key to unlock and expose the appropriate services to the connected appliance 12, external client 170, or application and prevents the unauthorized use of services which are not exposed and not intended for use by a non-authenticated appliance, external client, or application. The smart coupler 1040 or the smart wireless coupler (see FIG. 21) can include special, proprietary electronics that enable communication between the appliance 12 and the external client 170. As a result, unauthorized persons who do not have the smart cable 120, 220 or smart wireless coupler cannot couple an unauthorized external client 170 with the appliance).

It would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention, to combine Castaldo with Bell as modified by Momchilov because it would have provided the enhanced capability for preventing the unauthorized use of services which are not exposed and not intended for use by a non-authenticated appliance, external client, or application. 
As to claim 2:
Bell teaches the connection descriptor files are generated at the client devices from the connection leases and the session validations ([0073-0074]).As to claim 3:
Bell teaches receiving comprises receiving by the connector appliance connection requests from the client devices by directly connecting the client devices to the connector appliance using the connection leases ([0007] and [0075]).As to claim 4:
Bell teaches receiving comprises receiving by the connector appliance connection requests from the client devices by connecting the client devices to the connector appliance using the connection leases via a gateway appliance ([0078-0080]).As to claim 5:
Bell teaches the connections are initiated from the client devices to the virtual delivery appliance by directly connecting to the virtual delivery appliance using the connection descriptor files ([0073-0074]).As to claim 6:
Bell teaches the connections from the client devices to the virtual delivery appliance are initiated via a gateway appliance using the connection descriptor files ([0078-0080]). As to claim 7:
Mrozek teaches at the connector appliance, generating connection lease resolution data responsive to requests from the client devices ([0064]).As to claim 8:
Bell teaches the client devices are further configured to request connection lease resolution data from at least one of a gateway appliance and other client devices ([0064-0065]).As to claim 9:
Bell teaches generating comprises generating the connection lease resolution data based upon at least one of the connection leases and the connection lease resolution data ([0064-0065]).As to claim 10:
Bell teaches the connection leases include a network address of the connector appliance to cause at least some of the client devices to indirectly request connections to the virtual sessions through the virtual delivery appliance via the connector appliance ([0073] and [0079]).As to claim 14:
Bell teaches at the connector appliance, directing the client devices to proceed to a next option in their connection leases without availability of the computing device ([0071- 0072]). 
As to claim 15:
The rejection of claim 1 above is incorporated herein in full.  Additionally, Bell teaches
the client devices are configured to generate the connection descriptor files responsive to the session validations and initiate connections with the virtual delivery appliance using the generated connection descriptor files to access the virtual sessions (the session host(s) may verify the lease token, and further verify the user's authenticity if needed. Each session host may represent or administer multiple desktops, applications, and/or other hosted services. Thus, in step 609 the session host determines which hosted service the session client is to be connected to, and returns additional connection details to the lease presenter. The additional connection details may include an IP address or DNS specific to the desktop or other hosted service, and any other information needed by the lease presenter to generate a launch file…In step 611 lease presenter 604, using the information received from session host 606, generates a standard ICA/RDP launch file (based on the protocol in use by the session client, e.g., which could also or alternatively include PCoIP, RGS by Hewlett-Packard, and the like), and sends the launch file to the session client… The session client then uses the received launch file in step 613 to establish the session with the session host and, more specifically, with the specific hosted services (desktop, application, etc.); [0073-0074]).
As to claim 16: 
Bell teaches the client devices are configured to generate the connection descriptor files from the connection leases and the session validations ([0073-0074]).As to claim 17:
Bell teaches the client devices are configured to initiate the connections to the virtual delivery appliance by directly connecting to the virtual delivery appliance using the connection descriptor files ([0073-0074]).As to claim 18:
Bell teaches the client devices are configured to initiate the connections to the virtual delivery appliance via a gateway appliance using the connection descriptor files ([0078-0080]).As to claim 19:
Bell teaches the client devices are further configured to request connection lease resolution data from the connector appliance ([0064-0065]).As to claim 20:
Bell teaches the connector appliance comprises a plurality of connector appliances located in different zones; and wherein the client devices are configured to monitor an availability of the connector appliances in the different zones, and request connections with the connection leases and receive the session validations directly or via a gateway appliance responsive to the availability of at least one of the connector appliances being above or below an availability threshold ([0067-0070]).As to claim 21:
Bell teaches the virtual delivery appliance comprises a plurality of virtual delivery appliances located in different zones; wherein the session validations comprise zone association information; and wherein the client devices are configured to generate connection descriptor files and session requests for direct launch or launch via the gateway appliance responsive to the availability of the connector appliances in different zones and the zone association information ([0067-0070]).As to claim 22:
The rejection of claim 1 above is incorporated herein in full.  Additionally, Bell teaches the use of a memory (memory 15;[0021]) and a processor (processor 103; [0021]).
As to claim 23:
Bell teaches the client devices are further configured to request connection lease resolution data from the connector appliance ([0064-0065]).As to claim 24: 
Bell teaches the connector appliance is configured to direct the client devices to proceed to a next option in their connection leases without availability of the computing device ([0071- 0072]).
Allowable Subject Matter

3.	Claims 11-13 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims, subject to the results of a final search by the Examiner.

Response to Arguments 

4.	Applicant's arguments filed 07/20/2022 have been fully considered but are deemed to be moot in view of the new ground(s) of rejection necessitated by Applicant's amendments.  

Conclusion


5.	Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  

A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 

Contact Information

6.	Any inquiry or a general nature or relating to the status of this application should 
              be directed to the TC 2100 Group receptionist: (571) 272-2100.

	Any inquiry concerning this communication or earlier communications from the 
	examiner should be directed to VAN H. NGUYEN whose telephone number is (571) 272-3765. The examiner can normally be reached on Monday- Friday from 9:00AM- 5:30 PM. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, LEWIS BULLOCK can be reached at (571) 272-3759. 

The fax phone number for the organization where this application or proceeding is assigned is (571) 273-8300.
	
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 


/VAN H NGUYEN/
Primary Examiner, Art Unit 2199