DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . In communications filed on 11/16/2022.Claims 1,3,5, 9,17-18, and 20 are amended. Claims 2, and 4 are cancelled. Claims 1,3, and 5-20 are pending in this examination.
 In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.   This examination is in response to US Patent Application No. 17/139,927.

Response to Arguments
Although the claims are interpreted in light of the specification, limitations from the specification are not read into the claims.  See In re Van Geuns, 988 F.2d 1181, 26 USPQ2d 1057 (Fed. Cir. 1993). 


The Applicant respectfully submits on pages 7-8 of remarks filed on 11/16/2022 various amendment and arguments to independent claims 1, 9, and 17.


Examiner respectfully disagree with applicant argument on pages 8-11 of remarks filed on 11/16/2022. 
 For claim 1, Shravan discloses security posture information associated with one or more of: the endpoint device, wherein the security posture information associated with the user is based on a user behavior anomaly observed by the endpoint agent, the user, wherein the security posture information associated with the endpoint device is based on an endpoint device behavior anomaly observed by the endpoint agent, and the protected object[ ¶5, While username and password authorization can be performed on L2, a policy compliance check of the end user device is generally performed at higher OSI model layer, e.g. L3 the L7. Thus, after authenticating a username and password, the network control device performs a compliance check of the end user device to determine if the end user device is in compliance with current policies of the enterprise network. The current policies may be stored on the network control device or on a separate policy server in communication with the network control device. If the end user device is found to be in compliance with current policies of the private network, the network control device grants the end user device a higher level of access (e.g., full access) to the private network. If the end user device is found not to be compliance with current policies, the network control device may deny the end user device access to the private network, or at least until the end user device has been brought into compliance, e.g., by providing the end user device with access to a remediation server or module to be used to bring the end user device into compliance],and [[¶12] In another example, a network appliance that enforces one or more policies for accessing a private network, the network appliance comprising at least one processor is configured to, in response to receiving a first request to access a protected network resource from an endpoint device that includes a client software module configured to communicate with the network appliance, (a) determine which compliance information related to policies associated with a role that was granted as a result of the authentication that was performed earlier, (b) request all of the determined compliance information from the client software module (c) evaluate the compliance of the endpoint device based on the compliance information received from the client software module and providing access when the compliance information satisfies the policies, and (d) store the received compliance information in a database associated with the network appliance], and [¶36, the verification module 308 determines whether the user device 118 is authorized to access one or more protected resources 116 in the private network 104. Based on the identity of the user and/or user device 118 (e.g., determined though the authentication check), the verification module 308, in conjunction with the policy server 114, determines whether the user device 118 is compliant with applicable policies], and [¶¶39, 45].
Examiner Note: claim 1 recite “one or more of”, which give option to examiner to map any one of the limitations.

Furthermore Bosch discloses wherein the security posture information associated with the endpoint device is based on an endpoint device behavior anomaly observed by the endpoint agent[¶32, the agent 112 on a given device 102 can detect and in some implementations manage multiple client states and their associated telemetry, including the hosting environment(s) 208 of the client device 102 (e.g., virtual machines), operating system release 210, certifications 212, evidence of tampering 214, availability of a Trusted Platform Module (TPM) 216, secure boot functions 218, authenticated application hosting 208, and the hosting of the agent 112 as introduced above, for example]’ and  [¶88, Examples of telemetry data include a security state of a hosting environment, authentication of the hosting environment, security `states of virtual machines on the client device, evidences of tampering(behavior anomaly), security postures of system calls executed on the client device, socket maintenance metrics, an operating system release, availability of a trusted platform module (TPM), verification of a secure boot function, DNS information, the ambient environment of the client device, an SSID, cellular network identities, and so forth.].

For claim 9, Shravan discloses security posture information associated with two or more of the endpoint devices, the user, and the protected object [ ¶5, While username and password authorization can be performed on L2, a policy compliance check of the end user device is generally performed at higher OSI model layer, e.g. L3 the L7. Thus, after authenticating a username and password, the network control device performs a compliance check of the end user device to determine if the end user device is in compliance with current policies of the enterprise network. The current policies may be stored on the network control device or on a separate policy server in communication with the network control device. If the end user device is found to be in compliance with current policies of the private network, the network control device grants the end user device a higher level of access (e.g., full access) to the private network. If the end user device is found not to be compliance with current policies, the network control device may deny the end user device access to the private network, or at least until the end user device has been brought into compliance, e.g., by providing the end user device with access to a remediation server or module to be used to bring the end user device into compliance],and [[¶12] In another example, a network appliance that enforces one or more policies for accessing a private network, the network appliance comprising at least one processor is configured to, in response to receiving a first request to access a protected network resource from an endpoint device that includes a client software module configured to communicate with the network appliance, (a) determine which compliance information related to policies associated with a role that was granted as a result of the authentication that was performed earlier, (b) request all of the determined compliance information from the client software module (c) evaluate the compliance of the endpoint device based on the compliance information received from the client software module and providing access when the compliance information satisfies the policies, and (d) store the received compliance information in a database associated with the network appliance], and [¶36, the verification module 308 determines whether the user device 118 is authorized to access one or more protected resources 116 in the private network 104. Based on the identity of the user and/or user device 118 (e.g., determined though the authentication check), the verification module 308, in conjunction with the policy server 114, determines whether the user device 118 is compliant with applicable policies], and [¶¶39, 45].


For claim 17, Shravan discloses security posture information associated with at least the endpoint device, wherein the security posture information associated with the endpoint device is based on an endpoint device behavior anomaly observed by the endpoint agent.
[ ¶5, While username and password authorization can be performed on L2, a policy compliance check of the end user device is generally performed at higher OSI model layer, e.g. L3 the L7. Thus, after authenticating a username and password, the network control device performs a compliance check of the end user device to determine if the end user device is in compliance with current policies of the enterprise network. The current policies may be stored on the network control device or on a separate policy server in communication with the network control device. If the end user device is found to be in compliance with current policies of the private network, the network control device grants the end user device a higher level of access (e.g., full access) to the private network. If the end user device is found not to be compliance with current policies, the network control device may deny the end user device access to the private network, or at least until the end user device has been brought into compliance, e.g., by providing the end user device with access to a remediation server or module to be used to bring the end user device into compliance].
Furthermore Bosch discloses this limitation as[¶32, the agent 112 on a given device 102 can detect and in some implementations manage multiple client states and their associated telemetry, including the hosting environment(s) 208 of the client device 102 (e.g., virtual machines), operating system release 210, certifications 212, evidence of tampering 214( behavior anomaly), availability of a Trusted Platform Module (TPM) 216, secure boot functions 218, authenticated application hosting 208, and the hosting of the agent 112 as introduced above, for example]’ and  [¶88, Examples of telemetry data include a security state of a hosting environment, authentication of the hosting environment, security `states of virtual machines on the client device, evidences of tampering, security postures of system calls executed on the client device, socket maintenance metrics, an operating system release, availability of a trusted platform module (TPM), verification of a secure boot function, DNS information, the ambient environment of the client device, an SSID, cellular network identities, and so forth.].

Examiner Note: Examiner maintain his rejection.

Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claims 1,3,6,8-9,11,14,16-17, and 19 are rejected under 35 U.S.C. 102 (a)(2) as being anticipated by over Shravan et. al. (U.S. Patent Application Publication No. 20210281576 A1), hereinafter Shravan.
Regarding claim 1, Shravan discloses A system operable as a Zero Trust Network Access (ZTNA) service module [¶22, The private network 104 includes a network appliance 110 (e.g., a network access control (NAC) device or a virtual private network (VPN) controller, a software defined perimeter (SDP) (i.e. ZTAN) controller, etc.)) comprising: 
a processing resource [¶51, processor]; and 
a non-transitory computer-readable medium, coupled to the processing resource, having stored therein instructions that when executed by the processing resource cause the processing resource perform a method comprising [¶51, Instructions embedded or encoded in a computer-readable medium may cause a programmable processor, or other processor, to perform the method, e.g., when the instructions are executed]; and 
receiving from an endpoint device an access request to a protected object [¶25, The network appliance 110 intercepts requests to access to the private network 104 by devices such as the user device 118 (i.e. endpoint device) or other network devices]; and
verifying an identity of a user of the endpoint device via an identity management system [¶25, On the first request in a predetermined time period (e.g., upon the first access request in a 24-hour period, etc.), the network appliance 110, in conjunction with the authorization server 112 (i.e. identity management system), authenticates the identity of the user of the user device 118 using user credentials (sometimes referred to as “authentication credentials”) supplied by the client 120 (sometimes referred to as performing an “authentication check”)]; and 
when said verifying is affirmative [¶26, When authentication is successful, the network appliance 110 may permit limited access to the private network 104 without providing access to the protected resources 116. For example, the limited access may only allow layer 2 (L2) in the OSI model access. Before providing access to the protected resources 116, the network appliance 110, via the policy server 114, enforces one or more policies (sometimes referred to as performing an “authorization check”)]; and
receiving from an endpoint agent running on the endpoint device, security posture information associated with one or more of the endpoint device, the user, and the protected object [¶45, The client 120 (i.e. endpoint agent) collects user device details related to the requirements received from the network appliance 110 (608). Additionally, the client 120 stores the current state of the user device 118 related to the collected details (610). For example, if the compliance information requests the current version of an email client, the client 120 saves, in memory, the current version of the email client (i.e., the version of the email client that is sent to the network appliance 110). The client 120 sends the collected details (e.g., the requested compliance information) (i.e. security posture) to the network appliance 110 (612)]; and 
security posture information associated with one or more of: the endpoint device, wherein the security posture information associated with the user is based on a user behavior anomaly observed by the endpoint agent, the user, wherein the security posture information associated with the endpoint device is based on an endpoint device behavior anomaly observed by the endpoint agent, and the protected object [ ¶5, While username and password authorization can be performed on L2, a policy compliance check of the end user device is generally performed at higher OSI model layer, e.g. L3 the L7. Thus, after authenticating a username and password, the network control device performs a compliance check of the end user device to determine if the end user device is in compliance with current policies of the enterprise network. The current policies may be stored on the network control device or on a separate policy server in communication with the network control device. If the end user device is found to be in compliance with current policies of the private network, the network control device grants the end user device a higher level of access (e.g., full access) to the private network. If the end user device is found not to be compliance with current policies( behavior anomaly), the network control device may deny the end user device access to the private network, or at least until the end user device has been brought into compliance, e.g., by providing the end user device with access to a remediation server or module to be used to bring the end user device into compliance],and [[¶12] In another example, a network appliance that enforces one or more policies for accessing a private network, the network appliance comprising at least one processor is configured to, in response to receiving a first request to access a protected network resource from an endpoint device that includes a client software module configured to communicate with the network appliance, (a) determine which compliance information related to policies associated with a role that was granted as a result of the authentication that was performed earlier, (b) request all of the determined compliance information from the client software module (c) evaluate the compliance of the endpoint device based on the compliance information received from the client software module and providing access when the compliance information satisfies the policies, and (d) store the received compliance information in a database associated with the network appliance], and [¶36, the verification module 308 determines whether the user device 118 is authorized to access one or more protected resources 116 in the private network 104. Based on the identity of the user and/or user device 118 (e.g., determined though the authentication check), the verification module 308, in conjunction with the policy server 114, determines whether the user device 118 is compliant with applicable policies], and [¶39]; and 
determining based on a plurality of ZTNA policies and the security posture information whether to allow the access request [¶46, The network appliance 110 evaluates the compliance (sometimes referred to as “evaluating the compliance state”) of the user device 118 using the compliance information received from client 120 (614). For example, the network appliance 110 may compare the status of ports (e.g., opened or closed, etc.) included in the compliance information to the status of ports required by the corresponding policy]; and 
when said determining is affirmative, granting access to the protected object by the user via the endpoint device [¶46, The network appliance 110 provides access to the protected network zone and/or protected resources 114 of the private network 104 based on the compliance (e.g., based on the compliance state) of the user device 118 with the applicable policies (618). For example, if 616the user device 118 is compliant with all of the policies, the network appliance 110 may provide full access to the private network 104 that is afforded to the role assigned to the user device 118 (e.g., when the user device 118 is authenticated)].  
Regarding claim 9, Shravan discloses A method performed by a processing resource of a Zero Trust Network Access (ZTNA) service module [¶22, The private network 104 includes a network appliance 110 (e.g., a network access control (NAC) device or a virtual private network (VPN) controller, a software defined perimeter (SDP) (i.e. ZTAN) controller, etc.)], the method comprising: 
receiving from an endpoint device an access request to a protected object [¶25, The network appliance 110 intercepts requests to access to the private network 104 by devices such as the user device 118 (i.e. endpoint device) or other network devices.]; and 
verifying an identity of a user of the endpoint device via an identity management system [¶25, On the first request in a predetermined time period (e.g., upon the first access request in a 24-hour period, etc.), the network appliance 110, in conjunction with the authorization server 112 (i.e. identity management system), authenticates the identity of the user of the user device 118 using user credentials (sometimes referred to as “authentication credentials”) supplied by the client 120 (sometimes referred to as performing an “authentication check”)]; and  
when said verifying is affirmative [¶6, When authentication is successful, the network appliance 110 may permit limited access to the private network 104 without providing access to the protected resources 116. For example, the limited access may only allow layer 2 (L2) in the OSI model access. Before providing access to the protected resources 116, the network appliance 110, via the policy server 114, enforces one or more policies (sometimes referred to as performing an “authorization check”)]; and 
receiving from an endpoint agent running on the endpoint device, security posture information associated with two or more of the endpoint device, the user, and the protected object [ ¶5, While username and password authorization can be performed on L2, a policy compliance check of the end user device is generally performed at higher OSI model layer, e.g. L3 the L7. Thus, after authenticating a username and password, the network control device performs a compliance check of the end user device to determine if the end user device is in compliance with current policies of the enterprise network. The current policies may be stored on the network control device or on a separate policy server in communication with the network control device. If the end user device is found to be in compliance with current policies of the private network, the network control device grants the end user device a higher level of access (e.g., full access) to the private network. If the end user device is found not to be compliance with current policies( behavior anomaly), the network control device may deny the end user device access to the private network, or at least until the end user device has been brought into compliance, e.g., by providing the end user device with access to a remediation server or module to be used to bring the end user device into compliance],and [[¶12] In another example, a network appliance that enforces one or more policies for accessing a private network, the network appliance comprising at least one processor is configured to, in response to receiving a first request to access a protected network resource from an endpoint device that includes a client software module configured to communicate with the network appliance, (a) determine which compliance information related to policies associated with a role that was granted as a result of the authentication that was performed earlier, (b) request all of the determined compliance information from the client software module (c) evaluate the compliance of the endpoint device based on the compliance information received from the client software module and providing access when the compliance information satisfies the policies, and (d) store the received compliance information in a database associated with the network appliance], and [¶36, the verification module 308 determines whether the user device 118 is authorized to access one or more protected resources 116 in the private network 104. Based on the identity of the user and/or user device 118 (e.g., determined though the authentication check), the verification module 308, in conjunction with the policy server 114, determines whether the user device 118 is compliant with applicable policies], and [¶¶39, 45]; and
determining based on a plurality of ZTNA policies and the security posture information whether to allow the access request [¶46, The network appliance 110 evaluates the compliance (sometimes referred to as “evaluating the compliance state”) of the user device 118 using the compliance information received from client 120 (614). For example, the network appliance 110 may compare the status of ports (e.g., opened or closed, etc.) included in the compliance information to the status of ports required by the corresponding policy]; and 
when said determining is affirmative, granting access to the protected object by the user via the endpoint device [¶46, The network appliance 110 provides access to the protected network zone and/or protected resources 114 of the private network 104 based on the compliance (e.g., based on the compliance state) of the user device 118 with the applicable policies (618). For example, if 616the user device 118 is compliant with all of the policies, the network appliance 110 may provide full access to the private network 104 that is afforded to the role assigned to the user device 118 (e.g., when the user device 118 is authenticated].
Regarding claim 17,  Shravan discloses A non-transitory computer-readable storage medium embodying a set of instructions, which when executed by one or more processing resources of a computer system [¶51]) operable as a - 29 -Zero Trust Network Access (ZTNA) service module [¶22, The private network 104 includes a network appliance 110 (e.g., a network access control (NAC) device or a virtual private network (VPN) controller, a software defined perimeter (SDP) (i.e. ZTAN) controller, etc.)], causes the one or more processing resources to perform a method comprising:
receiving from an endpoint device an access request to a protected object [25, The network appliance 110 intercepts requests to access to the private network 104 by devices such as the user device 118 (i.e. endpoint device) or other network devices]; and
verifying an identity of a user of the endpoint device via an identity management system [¶25, On the first request in a predetermined time period (e.g., upon the first access request in a 24-hour period, etc.), the network appliance 110, in conjunction with the authorization server 112 (i.e. identity management system), authenticates the identity of the user of the user device 118 using user credentials (sometimes referred to as “authentication credentials”) supplied by the client 120 (sometimes referred to as performing an “authentication check”)]; and
when said verifying is affirmative [¶26, When authentication is successful, the network appliance 110 may permit limited access to the private network 104 without providing access to the protected resources 116. For example, the limited access may only allow layer 2 (L2) in the OSI model access. Before providing access to the protected resources 116, the network appliance 110, via the policy server 114, enforces one or more policies (sometimes referred to as performing an “authorization check”)]; and
security posture information associated with at least the endpoint device, wherein the security posture information associated with the endpoint device is based on an endpoint device behavior anomaly observed by the endpoint agent.
[ ¶5, While username and password authorization can be performed on L2, a policy compliance check of the end user device is generally performed at higher OSI model layer, e.g. L3 the L7. Thus, after authenticating a username and password, the network control device performs a compliance check of the end user device to determine if the end user device is in compliance with current policies of the enterprise network. The current policies may be stored on the network control device or on a separate policy server in communication with the network control device. If the end user device is found to be in compliance with current policies of the private network, the network control device grants the end user device a higher level of access (e.g., full access) to the private network. If the end user device is found not to be compliance with current policies (behavior anomaly), the network control device may deny the end user device access to the private network, or at least until the end user device has been brought into compliance, e.g., by providing the end user device with access to a remediation server or module to be used to bring the end user device into compliance].
Regarding claim 3, Shravan discloses  wherein the protected object comprises an application [¶29, The protected resources 116 may include a user email account, a file server for storing documents, an application server for sharing network-enabled versions of common software applications with many user devices, a network printer, a communications server for handling e-mail exchanges, fax communications, remote access to the network, firewalls and/or other internet services, a database server for storing data and for managing requests to store or access data, or the like, to which user device 118 or the user of user device 118 attempts to gain access.) and wherein the user behavior anomaly relates to one or more of usage of the application, a communication origin of the access request, use of a new communication protocol, use of a new port, irregular working hours by the user over a particular timeframe [¶41, The policies include characteristics that, when true, make the policy applicable and requirements to satisfy the policy. The characteristics, for example, may be based on the characteristics of the user (e.g., security clearance, job title, location, etc.) of the user device 118 (e.g., associated with the credential supplied during the authentication check), the protected resources 116 that the user device 118 will access, the time of day, general policies of the private network 104, etc.].  
Regarding claim 6, wherein the security posture information associated with the endpoint device is based on information indicative of (I) potential attacks relating to the endpoint device or inconclusive audited incidents over a particular timeframe, (ii) software or hardware vulnerabilities of the endpoint device, or (iii) regulation or compliance issues of the endpoint device 
Sharvan discloses: [ ¶5, While username and password authorization can be performed on L2, a policy compliance check of the end user device is generally performed at higher OSI model layer, e.g. L3 the L7. Thus, after authenticating a username and password, the network control device performs a compliance check of the end user device to determine if the end user device is in compliance with current policies of the enterprise network. The current policies may be stored on the network control device or on a separate policy server in communication with the network control device. If the end user device is found to be in compliance with current policies of the private network, the network control device grants the end user device a higher level of access (e.g., full access) to the private network. If the end user device is found not to be compliance with current policies (behavior anomaly), the network control device may deny the end user device access to the private network, or at least until the end user device has been brought into compliance, e.g., by providing the end user device with access to a remediation server or module to be used to bring the end user device into compliance]
Examiner Note: Bosch  also discloses this limitation as: [¶88, Examples of telemetry data include a security state of a hosting environment, authentication of the hosting environment, security states of virtual machines on the client device, evidences of tampering (i.e. i), security postures of system calls executed on the client device, socket maintenance metrics, an operating system release, availability of a trusted platform module (TPM), verification of a secure boot function, DNS information, the ambient environment of the client device, an SSID, cellular network identities, and so forth.].  
Sharvan and Bosch are analogous references to the claimed invention as they both pertain to receiving a request to access a protected resource, applying ZTNA (SDP) polies to give access to the user. Therefore, it would have been obvious to one of ordinary skill before the effective filing date of the invention to modify Sharvan by including the security posture information of the user device as taught by Bosch. Such modification will add more information to what is taught by Sharvan and consequently increases the security of the system.
Regarding claim 8, Shravan discloses wherein the endpoint agent comprises an endpoint protection platform [¶33, The client 120 (i.e. endpoint agent) monitors the operating system 204 and/or the user applications 210. For example, the client 120 may monitor the versions of the OS 204 and/or the user applications 210, the settings of the user applications 210, and/or the presence and absence of user applications.).
Regarding claims 11, and 19, the claim is rejected and interpreted for the same rational set forth in claim 3.
Regarding claim 14, the claim is rejected and interpreted for the same rational set forth in claim 6.
Regarding claim 16, the claim is rejected and interpreted for the same rational set forth in claim 8.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 5, 10, 13, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Shravan in view of Bosch et. al. (U.S. Patent Application Publication No. 20210044623 A1), hereinafter Bosch.
Regarding claims 5, Sharvan  does not explicitly disclose, however Sharvan Bosch teaches wherein the endpoint device behavior anomaly relates to one or more of consumption of processing, storage, or memory resources of the endpoint device, installation of a new driver, or modification of a serial number of a hardware component of the endpoint device [¶24,  Each agent 112 can be built as hardware or installed as instructions for hardware on the client device 102, to operate within the protection of a secure boot mode or equivalent, on a given device 102. Secure boot mode defines an interface between an operating system of the client device 102 and the device's firmware and BIOS. Example secure boot modes are configured to resist attacks and infection from malware by detecting tampering, modification of boot loaders, tampering with key operating system files, and unauthorized option ROMs, by validating their digital signatures. An option ROM is firmware in BIOS shadowed into memory and executed to initialize the client device 102 and register the device 102 with the BIOS, acting like a driver to interface between BIOS services and the particular hardware of the client device 102. The example agent 112 is initialized in a secure boot mode so that detected problems or attempts to hijack or tamper with the agent 112 are blocked from running before they can attack or infect the agent 112. The agent 112 is coded with credentials to execute in secure boot mode, while modification of the code or the credentials, or removal of the credentials, results in a failed initiation of the agent 112 or rejection of the agent's startup. When the agent 112 has not initialized or the agent is not responding properly to the network-based controller 110, the client device 102 reverts to a maximum-security mode as a default, either by onboard configuration or under instructions from the network-based controller 110], and [¶¶ 34, 50, 52, 57, 61, 82], and see [claims 9-14].
Sharvan and Bosch are analogous references to the claimed invention as they both pertain to receiving a request to access a protected resource, applying ZTNA (SDP) polies to give access to the user. Therefore, it would have been obvious to one of ordinary skill before the effective filing date of the invention to modify Sharvan by including the endpoint behavior anomalies taught by Bosch. Such modification will add more information to what is taught by Sharvan and consequently increases the security of the system.
Regarding claim 10, Shravan does not explicitly disclose, however Bosch teaches wherein the security posture information associated with the user is based on a user behavior anomaly observed by the endpoint agent [¶29,  The system 100 can apply different example techniques for identifying the vulnerability of a client application or service, and for providing tailored protection for the communication to be used by the application 200. The system 100 selectively enables or disables network-based security mechanisms to protect the users, client devices, and client application-service connections, even down to the granularity of protecting each network connection of each individual application 200 based on the vulnerability assessment of each user, client device 102, application 200, and service that the individual application 200 will use], and [30…  The network-based controller 110 and the one or more agents 112 continuously gather information about the applications 200 and respective services used by the user, such as an employee, the application protocols used, and ongoing threats to these applications and services… the system 100 may also collect information from the given enterprise employee and can gather information about the employee's standing and certifications, and rights to services within the enterprise. [0079] LTN mode to Overlay mode transition 410—Reports of unhealthy application-service metrics and interactions, or other posture vector parameters that suggest caution, issues with the enterprise employee, and results of statistical analysis, for example, may result in this transition 410 from a less restrictive or less careful security mode 404 for the network connection of an individual application 200, to a network connection with more security 402 and with more stringent assessments, that is less lenient than LTN mode 404, based on some detected safety or security issues], and [0084] In summary, the example system 100 assesses by way of a security posture vector, whether and how enterprise employees can use direct Internet access 404 to communicate between an individual application 200 of a device 102 (mobile device for example) and (cloud) services in a lean-trust networking (LTN) mode 404, or if traditional enterprise networking 402 with higher security, such as a VPN, must be used for such a communication between an individual application 200 and a service.
Sharvan and Bosch are analogous references to the claimed invention as they both pertain to receiving a request to access a protected resource, applying ZTNA (SDP) polies to give access to the user. Therefore, it would have been obvious to one of ordinary skill before the effective filing date of the invention to modify Sharvan by observing user behavior using the agent installed on the user device. This will provide a complete security posture information about the requester and improves the security of the system.
Regarding claim 13, and 20, the claim is rejected and interpreted for the same rational set forth in claim 5.
Claims 7 and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Shravan in view of Begun et. al (U.S. Patent Application Publication No 20210273937 A1), hereinafter Begun.
Regarding claim 7, Sharvan discloses all the claimed features except the ZTNA broker (trust broker).
However, Begun discloses wherein the ZTNA service module (Fig. 2, Operating environment 200) comprises a ZTNA broker (Trust broker 300) and wherein the system comprises a network security appliance (Infrastructure Manager 402).  
Sharvan and Begun are analogous references to the claimed invention as they both pertain to receiving a request to access a protected resource, applying ZTNA (SDP) polies to give access to the user. Therefore, it would have been obvious to one of ordinary skill before the effective filing date of the invention to modify Sharvan by adding a trust broker to facilitate communication between the user and the protected object. Such modification will allow a more secure connection since the user cannot independently verify the trust of the protected object and vice versa (Begun, Par. [0017]).
Regarding claim 15, the claim is rejected and interpreted for the same rational set forth in claim 7.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
WO2018040450A1[METHOD FOR DYNAMICALLY CONFIGURING DOCUMENT ACCESS RIGHT].
Fleischman (US2012/0321087) [ CONTROLLING ACCESS TO PROTECTED OBJECTS].
Pularikkal (US2020/0236112) [MACHINE LEARNING-BASED APPLICATION POSTURE FOR ZERO TRUST NETWORKING].
Dupont (US 20090307753 A1) teaches a based scanning and assessment of network connections. 
Mahaja (US20200336484 A1) intercepting network connection request and verifying the connection by using applicable policies. 

Applicants are encouraged to take advantage of the After Final Consideration Pilot 2.0 (AFCP 2.0) which authorizes non-production time for consideration of responses filed after a final rejection. The purpose of the pilot is to compact prosecution of the case. The request must include 1) A signed AFCP request form (PTO/SB/434 or equivalent) that includes a statement that applicant is requesting consideration under the AFCP; 2) An amendment to at least one independent claim that does not broaden the scope of the independent claim in any aspect; and 3) A statement that applicant is willing and available to participate in any interview initiated by the examiner concerning the present response.  In the limited amount of non-production time if the examiner’s consideration of a proper AFCP 2.0 request and response does not result in a determination that all pending claims are in condition for allowance, the examiner will request an interview with the applicant to discuss the response. For more info, please visit http://www.uspto.gov/patent/initiatives/after-final-consideration-pilot-20
                                                                                                                               

THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
                                                           Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHAHRIAR ZARRINEH whose telephone number is (571)272-1207. The examiner can normally be reached Monday-Friday, 8:30am-5:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jorge Ortiz-Criado can be reached on 571-272-7624. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/SHAHRIAR ZARRINEH/Examiner, Art Unit 2496