Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

DETAILED ACTION
This Office Action is in response to the Amendment filed on 08/19/2022.  
In the instant Amendment, claims 1, 11 and 19 are amended; claims 24-26 are new; claims 1, 11 and 19 are independent claims; claims 4, 14 and 22 are cancelled; Claims 1-23 are pending in this application. THIS ACTION IS MADE FINAL. 

Response to Arguments
Applicant’s arguments in the instant amendment, filed on 08/19/2022 with respect to the limitations below, have been fully considered but they are not persuasive. 
Applicant argues (page 4) that Ross in view of Innes fails to disclose or suggest performing each authentication operation between the client device and the relying party, permitting the application within the virtualized session to serve as a conduit. 
In response to applicant's argument that the references fail to show certain features of applicant’s invention, it is noted that the features upon which applicant relies (i.e., performing each authentication operation between the client device and the relying party, permitting the application within the virtualized session to serve as a conduit) are not recited in the rejected claim(s).  Although the claims are interpreted in light of the specification, limitations from the specification are not read into the claims.  See In re Van Geuns, 988 F.2d 1181, 26 USPQ2d 1057 (Fed. Cir. 1993). Ross discloses communicating with the client device over a network to perform a client registration operation between a relying party and the client device (see Ross, [0042], [0049]-[0051]); Ross describes re-directing an authentication challenge message to the client device in response to the application receiving the authentication challenge message from the relying party for the user to access the resource (see Ross, [0036]-[0037], [0042]). Ross receives an authentication answer message in response to the authentication challenge message from the client device (See Ross, [0066], [0072] & [0076]). Ross describes the authentication answer messaging being based on a biometric characteristic (see Ross, [0066]-[0068], FIG 5G). Innes was used in combination with Ross to disclose approaches for a client device to securely access resources using a proxy device (see Innes, [0001]). Innes further discloses virtual private network connections are established and managed by an access gateway that manages, accelerates, and improves the delivery of enterprise resources to the mobile device (see Innes, [0073]). Innes discloses a virtualized environment with a virtualized session as a VPN for the user (See Innes, [0014], [0027] and [0072]). 
Innes further discloses a virtualized environment with a virtualized session as a VPN for the user that supports and enables single sign on authentication for the purpose of granting access to multiple enterprise resources by a web browser [application] (see Innes, [0029]). Thus, in view of the above reasons, the Examiner maintains the rejection with the Ross and Innes references. 
Applicant’s arguments with respect to claim(s) 1, 11 and 19 regarding the limitation “the client device and the application are configured to operate a secure biometric crypto-processor virtual channel for exchanging the authentication challenge message and the authentication answer message,” have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 1, 2, 5-7, 11-12, 15-17, 19-20 and 23-25 are rejected under 35 U.S.C. 103 as being unpatentable over Ross et al (“Ross,” US 20160134599) in view of Innes et al (“Innes,” US 20140331297) and further in view of Innes et al (“Innes ‘546,” US 20160094546). 
Regarding claim 1, Ross discloses an appliance comprising:
a memory and a processor configured to cooperate with the memory to
communicate with a client device over a network to provide the client device, (Ross, [0040], [0043] & [0035], describe a memory and processor configured to cooperate with the memory to communicate with a client device over a network to provide the client device) 
communicate with the client device over the network to perform a registration operation between a relying party and the client device, (Ross, [0042], [0049]-[0051] describes communicate with the client device over the network to perform a registration operation between a relying party and the client device; also see [0055], [0060]-[0061], relying party). 
redirect an authentication challenge message to the client device, the authentication challenge received by the application from the relying party for the user to access the resource, (Ross, [0036]-[0037], [0042], describe re-directing an authentication challenge message to the client device in response to the application receiving the authentication challenge message from the relying party for the user to access the resource; also see [0049], [0051], [0055], [0066], [0068], [0077], authentication challenge messages) and
receive an authentication answer message in response to the authentication challenge message from the client device, (Ross, [0066], [0072], [0076], [0080] describes receiving an authentication answer message in response to the authentication challenge message from the client device; also see [0036]-[0037], [0053], [0064], which further describe being based upon a biometric characteristic)
the authentication answer messaging being based upon a biometric characteristic (Ross, [0053], [0066], [0072], [0076], [0080] describes the authentication answer messaging being based upon a biometric characteristic; also see [0036]-[0037], [0053], [0064], which further describe being based upon a biometric characteristic)
the application to forward the authentication answer message to the relying party to complete the authentication operation, (Ross, [0066]-[0068] & FIG 5G describes an application to forward the authentication answer message to the relying party to complete the authentication operation)
Ross fails to explicitly disclose a virtualized delivery appliance; with a virtualized session for a user; an application within the virtualized session performing an authentication operation with the relying party to access a resource, 
However, in an analogous art, Innes discloses a virtualized delivery appliance; (Innes, [0073], describes virtual private network connections are established and managed by an access gateway that manages, accelerates and improves the delivery of enterprise resources to the mobile device)
with a virtualized session for a user; (Innes, [0014], [0027], [0072] describes a virtualized environment with a virtualized session as a vpn for the user)
an application within the virtualized session performing an authentication operation with the relying party to access a resource, (Innes, [0014], [0027], [0072] describes a virtualized environment with a virtualized session as a vpn for the user that supports and enables single sign on authentication for the purpose of granting access to multiple enterprise resources by a web browser [application] as described in paragraph [0029])
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Innes with the method/system of Ross to include a virtualized delivery appliance; with a virtualized session for a user; an application within the virtualized session performing an authentication operation with the relying party to access a resource. One would have been motivated to provide approaches for a client device to securely access resources using a proxy device (Innes, [0001]).
	Ross and Innes fail to explicitly disclose the client device and the application are configured to operate a secure biometric crypto-processor virtual channel for exchanging the authentication challenge message and the authentication answer message. 
	However, in an analogous art, Innes ‘546 discloses the client device and the application are configured to operate a secure biometric crypto-processor virtual channel for exchanging the authentication challenge message and the authentication answer message, (Innes ‘546, [0088], [0104], [0179], [0186], describes the client device and the application are configured to operate a secure biometric crypto-processor virtual channel for exchanging the authentication challenge message and the authentication answer message)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Innes ‘546 with the method/system of Ross and Innes to include the client device and the application are configured to operate a secure biometric crypto-processor virtual channel for exchanging the authentication challenge message and the authentication answer message. One would have been motivated to provide logging on a client to a remote computing environment using a smart card and/or to give the client full domain privileges (Innes ‘546, [0002]). 

Regarding claim 2, Ross, Innes and Innes ‘546 disclose the virtual delivery appliance of claim 1.  
Ross further discloses wherein the client device comprises a biometric device configured to generate the biometric characteristic of the user, (Ross, [0053] describes a biometric identification reader (e.g. fingerprint scanner, camera) configured to read biometric information (e.g. a fingerprint, a facial image) from an Internet user)

Regarding claim 5, Ross, Innes and Innes ‘546 disclose the virtual delivery appliance of claim 1. 
Innes further discloses wherein the application comprises a web browser application, (Innes, [0029] describes wherein the application comprises a web browser application)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Innes with the method/system of Ross to include wherein the application comprises a web browser application. One would have been motivated to provide approaches for a client device to securely access resources using a proxy device (Innes, [0001]).

Regarding claim 6, Ross, Innes and Innes ‘546 disclose the virtual delivery appliance of claim 5. 
Ross further discloses wherein said processor is configured to receive a web authentication application programming interface (API) command from the relying party (Ross, [0010]-[0013], [0037], describes wherein said processor is configured to receive a web authentication API call from the relying party; also see [0055]-[0056], [0062], [0066]-[0067], [0071]-[0073], [0075], [0082]-[0083], [0086]-[0087], [0094], [0101] which describe an API call in greater detail )

Regarding claim 7, Ross, Innes and Innes ‘546 disclose the virtual delivery appliance of claim 6.
Ross further discloses wherein said processor is configured to translate the web authentication API command from the relying party into the authentication challenge message; (Ross, [0010]-[0013], [0037], describes wherein said processor is configured to translate the web authentication API call from the relying party into the authentication challenge message; also see [0055]-[0056], [0062], [0066]-[0067], [0071]-[0073], [0075], [0082]-[0083], [0086]-[0087], [0094], [0101] which describe an API call in greater detail )
and wherein the client device is configured to generate the web authentication API command based upon the authentication challenge message, (Ross, [0010]-[0013], [0037], describes and wherein the client device is configured to generate the web authentication API call based upon the authentication challenge message; also see [0055]-[0056], [0062], [0066]-[0067], [0071]-[0073], [0075], [0082]-[0083], [0086]-[0087], [0094], [0101] which describe an API call in greater detail)

Regarding claim 11, claim 11 is directed to a computing system. Claim 11 is similar in scope to claim 1 and is therefore rejected under the same rationale.

Regarding claim 12, claim 12 is directed to the computing system of claim 11. Claim 12 is similar in scope to claim 2 and is therefore rejected under the same rationale.

Regarding claim 15, claim 15 is directed to the computing system of claim 11. Claim 15 is similar in scope to claim 5 and is therefore rejected under the same rationale.

Regarding claim 16, claim 16 is directed to the method of claim 15. Claim 16 is similar in scope to claim 6 and is therefore rejected under the same rationale. 

Regarding claim 17, claim 17 is directed to the computing system of claim 16. Claim 17 is similar in scope to claim 7 and is therefore rejected under the same rationale. 

Regarding claim 19, claim 19 is directed to a method. Claim 9 is similar in scope to claim 1 and is therefore rejected under the same rationale.

Regarding claim 20, claim 20 is directed to the method of claim 19. Claim 20 is similar in scope to claim 2 and is therefore rejected under the same rationale.

Regarding claim 23, claim 23 is directed to the method of claim 19. Claim 23 is similar in scope to claim 5 and is therefore rejected under the same rationale. 

Regarding claim 24, claim 24 is directed to the method of claim 23. Claim 24 is similar in scope to claim 6 and is therefore rejected under the same rationale. 

Regarding claim 25, claim 25 is directed to the method of claim 24. Claim 25 is similar in scope to claim 7 and is therefore rejected under the same rationale. 

Claims 3, 13 and 21 are rejected under 35 U.S.C. 103 as being unpatentable over Ross et al (“Ross,” US 20160145599), Innes et al (“Innes,” US 20140331297) in view of Innes ‘546 et al (“Innes ‘546,” US 20160094546) and further in view of George et al (“George,” US 20160294822). 

Regarding claim 3, Ross, Innes and Innes ‘546 disclose the virtual delivery appliance of claim 1.
Ross, Innes and Innes ‘546 fail to explicitly disclose wherein the client device comprises a local wireless transceiver configured to exchange the authentication challenge message and the authentication answer message with a mobile wireless communication device.
However, in an analogous art, George discloses wherein the client device comprises a local wireless transceiver configured to exchange the authentication challenge message and the authentication answer message with a mobile wireless communication device, (George, [0025], [0052] & [0059] describes wherein the client device comprises a Bluetooth [a local wireless transceiver] configured to exchange the authentication challenge message and the authentication answer message with a mobile device)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of George with the method/system of Ross, Innes and Innes ‘546 to include wherein the client device comprises a biometric device configured to generate the biometric characteristic of the user. One would have been motivated to provide proximity-based authentication using Bluetooth (George, [0005]). 

Regarding claim 13, claim 13 is directed to the computing system of claim 11. Claim 13 is similar in scope to claim 3 and is therefore rejected under the same rationale.

Regarding claim 21, claim 21 is directed to the method of claim 19. Claim 21 is similar in scope to claim 3 and is therefore rejected under the same rationale.


Claims 8, 18 and 26 are rejected under 35 U.S.C. 103 as being unpatentable over Ross et al (“Ross,” US 20160145599), Innes et al (“Innes,” US 20140331297) in view of Innes ‘546 et al (“Innes ‘546,” US 201600945460) and further in view of Pisut et al (“Pisut,” US 20180101850). 

Regarding claim 8, Ross, Innes and Innes ‘546 disclose the virtual delivery appliance of claim 6. 
Ross further discloses wherein the web authentication API command (Ross, [0010]-[0013], [0037], describes wherein said processor is configured to translate the web authentication API command from the relying party into the authentication challenge message; also see [0055]-[0056], [0062], [0066]-[0067], [0071]-[0073], [0075], [0082]-[0083], [0086]-[0087], [0094], [0101] which describe an API call in greater detail)
Ross, Innes and Innes ‘546 fail to explicitly disclose comprises a WebAuthn standard authentication command. 
However, in an analogous art, Pisut discloses wherein the web authentication API command comprises a WebAuthn standard authentication command, (Pisut, [0006], [0045], [0025]-[0027], [0081]-[0083] and FIG 4A describes a WebAuthn standard authentication command)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Pisut with the method/system of Ross, Innes and Innes ‘546 to include wherein the web authentication API command comprises a WebAuthn standard authentication command. One would have been motivated to provide 

Regarding claim 18, Innes discloses the computing system of claim 16. Claim 18 is similar in scope to claim 8 and is therefore rejected under the same rationale. 

Regarding claim 26, claim 26 is directed to the method of claim 24. Claim 26 is similar in scope to claim 8 and is therefore rejected under the same rationale. 

Claims 9-10 are rejected under 35 U.S.C. 103 as being unpatentable over Ross et al (“Ross,” US 20160145599), Innes et al (“Innes,” US 20140331297), in view of Innes ‘546 et al (“Innes ‘546,” US 20160094546) and further in view of Erickson et al (“Erickson,” US 20200358822)

Regarding claim 9, Ross, Innes and Innes ‘546 disclose the virtual delivery appliance of claim 1. 
Ross, Innes and Innes ‘546 fail to explicitly disclose wherein the application operates within a virtual operating system (OS); wherein the virtual OS comprises a native authentication interface; and wherein said processor is configured to intercept an authentication OS command of the native authentication interface from the relying party.
However, in an analogous art, Erickson discloses wherein the application operates within a virtual operating system (OS);  (Erickson, [0015] & [0052], describes wherein the application operates within a virtual operating system as a virtual machine)
wherein the virtual OS comprises a native authentication interface; (Erickson, [0022], [0015] & [0052] describes wherein the virtual machine comprises a WebAuthn Application Programming Interface [a native authentication interface]). 
and wherein said processor is configured to intercept an authentication OS command of the native authentication interface from the relying party, (Erickson, [0055], describes a processor; [0012], describes intercepting WebAuthn requests [authentication OS command of the native authentication interface] from the relying party). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Erickson with the method/system of Ross, Innes and Innes ‘546 to include wherein the application operates within a virtual operating system (OS); wherein the virtual OS comprises a native authentication interface; and wherein said processor is configured to intercept an authentication OS command of the native authentication interface from the relying party. One would have been motivated to provide policy enforcement on interactions between computing devices (Erickson, [0001]). 

Regarding claim 10, Ross, Innes, Innes ‘546 and Erickson disclose the virtual delivery appliance of claim 9.  
Ross further discloses wherein said processor is configured to translate the command from the relying party into the authentication challenge message; (Ross, [0010]-[0013], [0037], describes translating the API call from the relying party into the authentication challenge message; also see [0055]-[0056], [0062], [0066]-[0067], [0071]-[0073], [0075], [0082]-[0083], [0086]-[0087], [0094], [0101] which describe an API call in greater detail)
and wherein the client device is configured to reconstruct the command based upon the authentication challenge message, (Ross, [0010]-[0013], [0037], describes and wherein the client device is configured to reconstruct the API call based upon the authentication challenge message; also see [0055]-[0056], [0062], [0066]-[0067], [0071]-[0073], [0075], [0082]-[0083], [0086]-[0087], [0094], [0101] which describe an API call in greater detail)
Erickson further discloses an authentication OS command (Erickson, [0055], describes a processor; [0012], describes intercepting WebAuthn requests [authentication OS command of the native authentication interface] from the relying party). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Erickson which teaches a specific authentication OS command with the method/system of Ross, Innes and Innes ‘546 which teaches translating and reconstructing the command into an authentication challenge message and Innes to include an authentication OS command. One would have been motivated to provide a means to translate and reconstruct specific authentication OS commands by policy enforcement on interactions between computing devices (Erickson, [0001]). 



Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JAMES J WILCOX whose telephone number is (571)270-3774. The examiner can normally be reached M-F: 8 A.M. to 5 P.M.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu T. Pham can be reached on (571)270-5002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/JAMES J WILCOX/Examiner, Art Unit 2439                                                                                                                                                                                                        


/LUU T PHAM/Supervisory Patent Examiner, Art Unit 2439