DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
The following is a Final Office action in response to communications received on 09/26/2022. 

Response to Amendment
Claims 1, 5, 9, 13 and 17 have been amended. 
Applicant’s arguments with respect to claims 1, 9 and 17 regarding the new limitations: “creating a session by rendering the web content associated with the request…”, “creating a session by isolating the cloud application in the cloud based secure environment”, and “taking one or more snapshots at one of regular intervals or before a logout event of a user of cookies and the session created”, have been considered but are moot in view of the new ground of rejection presented in the current office action.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The text of those sections of Title 35, U.S. Code not included in this action can be found in a prior Office action.
Claims 1, 3-9, 11, 12, 14-17, 19 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over prior art of record US 20180159896 to Soman et al (hereinafter Soman), US 20200153818 to Chauhan (hereinafter Chauhan) and US 20050095571 to Miller (hereinafter Miller).
As per claims 1, 9 and 17, Soman teaches:
A non-transitory computer-readable medium comprising instructions that, when executed, cause one or more processors to perform the steps of: 
receiving a request for resources that are one of web content and a cloud application from a user device (Soman: [0022] As depicted in FIG. 2, secure browsing service 120 receives (201) a request for an internet browser from end user device 110. Once a request by the end user corresponds to an untrusted web destination (URL or IP address) that requires the use of secure browsing service 120, a request may be transferred to the secure browsing service 120 to accommodate the secure browsing requirement); 
determining the request requires isolation based on any of policy, category of the web content, type of the user device, and location of the user device (Soman: [0022]: Once a request by the end user corresponds to an untrusted web destination (URL or IP address) that requires the use of secure browsing service 120, a request may be transferred to the secure browsing service 120 to accommodate the secure browsing requirement. [0023] After receiving the request from end user device 110, operation 200 further directs secure browsing service 120 to allocate (202) a virtual machine with an instance of the internet browser executing thereon to the end user device), 
in response to the request for resources being from the web content that requires isolation, creating a session by rendering the web content associated with the request in a cloud based secure environment that is isolated from the user device and providing image content to the user device based on the web content rendered, the image content based on the web content rendered being graphics files including passive, safe pixels (Soman: [0016]: In particular, in response to a triggering event on the local device, the device may transfer a request to the secure browsing service to instantiate a remote connection session with a virtual machine executing a browser instance. [0029]. [0022]: Once a request by the end user corresponds to an untrusted web destination (URL or IP address) that requires the use of secure browsing service 120, a request may be transferred to the secure browsing service 120 to accommodate the secure browsing requirement. [0027] When the end user device is accessing the browser on the virtual machine using a remote desktop protocol, the graphical user interface (GUI) of the desktop is generated on the server hosting the virtual machine and the GUI image data is then encoded and transmitted over the network to the client device, where it is decoded and displayed to the user. For example, the framebuffer pixel data produced by the browser operating on the virtual machine may be encoded using a codec, such as H264, and transmitted over an Internet connection to the end user device, where the data is decoded and rendered in the secure browser window displayed on the screen of the end user device. [0068]: In some examples, secure browsing service 120 may operate as a cloud service or in a data center); 
in response to the request for resources being the cloud application that requires isolation, creating a session by isolating the cloud application in the cloud based secure environment and providing image content to the user device based on data from the cloud application, the image content based on the data from the cloud application being graphics files including passive, safe pixels (Soman: [0016]: In particular, in response to a triggering event on the local device, the device may transfer a request to the secure browsing service to instantiate a remote connection session with a virtual machine executing a browser instance. [0029].  [0022] As depicted in FIG. 2, secure browsing service 120 receives (201) a request for an internet browser (application) from end user device 110. [0027] When the end user device is accessing the browser (application) on the virtual machine using a remote desktop protocol, the graphical user interface (GUI) of the desktop is generated on the server hosting the virtual machine and the GUI image data is then encoded and transmitted over the network to the client device, where it is decoded and displayed to the user. For example, the framebuffer pixel data produced by the browser operating on the virtual machine may be encoded using a codec, such as H264, and transmitted over an Internet connection to the end user device, where the data is decoded and rendered in the secure browser window displayed on the screen of the end user device. [0068]: In some examples, secure browsing service 120 may operate as a cloud service or in a data center. Also, [0020]); 
Soman does not teach: wherein app gating provides the capability to tag/detect endpoint and transparently redirect Software as a Service (SaaS) apps to isolation using a Security Assertion Markup Language (SAML) proxy; and taking one or more snapshots at one of regular intervals or before a logout event of a user of cookies and the session created. However, Chauhan teaches:
wherein app gating provides the capability to tag/detect endpoint and transparently redirect Software as a Service (SaaS) apps to isolation using a Security Assertion Markup Language (SAML) proxy (Chauhan: [0037]: when a user accesses a SaaS web service with security assertion markup language (SAML) enabled for instance, the corresponding access request can be forwarded to a designated gateway service that determines, checks or verifies if the CEB was used to make the access request. Responsive to determining that a CEB was used to make the access request, the gateway service can perform or provide authentication and single-sign-on (SSO), and can allow the CEB to connect directly to the SaaS web service. [0039]: The enterprise may choose to implement policies to manage the client device 202. The policies may be implanted through a firewall or gateway in such a way that the client device may be identified (tag/detect), secured or security verified, and provided selective or full access to the enterprise resources. Fig. 4, [0110]-[0113]: For example, in operation (1), the user may log into the network application using the standard browser. In operation (3), the gateway service and/or the server can direct (or redirect) all traffic to a secure browser 420 which provides a secure browsing service. [0115]: the secured browser 420 comprises a browser that is hosted on a network device 432 of the cloud services 408. The hosted browser can include an embedded browser of a hosted virtualized version of the CEB that is hosted on the network device 432. [0141] Driving all the traffic though the CEB then allows additional control of content accessing SaaS and Web based systems. Data Loss Prevention (DLP) of SaaS and Web traffic can be applied through the CEB app with features including copy and paste control to other CEB access applications or IT managed devices. DLP can also be enforced by enabling content to be downloaded only to designated file servers or services under IT control. [0153]: In still other implementations, a policy may identify specific users, devices, or groups for which a network application should be loaded rather than a local application or vice versa. [0042]. [0085]-[0088]. [0094]. [0122], [0137]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of Chauhan in the invention of Soman to include the above limitations. The motivation to do so would be that by redirecting the client device to the remote application, the system pursues the user's “intent” in launching the local application, while providing enhanced security, enforcing enterprise access policies, and providing other enhanced network application features (Chauhan: [0156]).
Soman in view of Chauhan does not teach: taking one or more snapshots at one of regular intervals or before a logout event of a user of cookies and the session created. However, Miller teaches:
taking one or more snapshots at one of regular intervals or before a logout event of a user of cookies and the session created (Miller: [0061]: When an SSL session is started, the browser in client computer 32 and the server 34 exchange and verify digital certificates and public keys. [0091] In a preferred embodiment, individual sessions are created by maintaining transaction state. [0095] The current invention includes a program that regularly saves the current state of each examination session (including questions and answers) on the server. At regular intervals (preferably 60 seconds), the client browser automatically initiates a special request to the server, which causes cookie information to be recorded in a unique file. The unique file, referred to as the "cookie jar" file, thus holds a complete record of a single session in the form of 60 second snapshots. [0114]).	
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of Miller in the invention of Soman in view of Chauhan to include the above limitations. The motivation to do so would be to restore the examination in progress as soon as the candidate logs in again (Miller: [0097]).

As per claims 3, 11 and 19, Soman in view of Chauhan and Miller teaches: 
The non-transitory computer-readable medium of claim 1, wherein the resources are the cloud application and the user device is one or more of i) located outside an enterprise's network and ii) a non-enterprise device, and the cloud application is provided in isolation to avoid data exfiltration on the user device (Soman: Fig. 1, [0018]: Secure browsing service 120 may be accessed by end user device 110 using the internet, the intranet, or some other similar communication network. [0067]: end user device 110 can be subscriber equipment, customer equipment (non-enterprise device). [0022] As depicted in FIG. 2, secure browsing service 120 receives (201) a request for an internet browser (application) from end user device 110. Chauhan: Fig. 4, [0110]-[0113]: For example, in operation (1), the user may log into the network application using the standard browser. In operation (3), the gateway service and/or the server can direct (or redirect) all traffic to a secure browser 420 which provides a secure browsing service. [0088]. [0137]: the gateway service can cause a virtualized version of a CEB to be initialized and hosted on a remote server (e.g., a network device 432 of cloud services 408). [0141] Driving all the traffic though the CEB then allows additional control of content accessing SaaS and Web based systems. Data Loss Prevention (DLP) of SaaS and Web traffic can be applied through the CEB app with features including copy and paste control to other CEB access applications or IT managed devices. DLP can also be enforced by enabling content to be downloaded only to designated file servers or services under IT control).
The examiner provides the same rationale to combine prior arts Soman and Chauhan as in claims 1, 9 and 17 above. 

As per claims 4 and 12, Soman in view of Chauhan and Miller teaches: 
The non-transitory computer-readable medium of claim 1, wherein the determining is performed by a secure web gateway (Chauhan: [0112] In operation (3), the gateway service and/or the server can direct (or redirect) all traffic to a secure browser 420 which provides a secure browsing service. This may be in response to at least one of: a determination that the requested network application is a sanctioned network application, a determination that the requested network application is sanctioned, and/or a determination that the predefined URL and/or corresponding webpage is accessed. [0137]: the gateway service can cause a virtualized version of a CEB to be initialized and hosted on a remote server (e.g., a network device 432 of cloud services 408). [0115]).
The examiner provides the same rationale to combine prior arts Soman and Chauhan as in claims 1 and 9 above. 

As per claims 5 and 13, Soman in view of Chauhan and Miller teaches: 
The non-transitory computer-readable medium of claim 1, wherein the instructions that, when executed, further cause the one or more processors to perform the steps of persisting or creating a state and session of the cloud application in the secure environment, for use after the user device logs out and logs back in based on the one or more snapshots (Miller: [0061]: When an SSL session is started, the browser in client computer 32 and the server 34 exchange and verify digital certificates and public keys. [0091] In a preferred embodiment, individual sessions are created by maintaining transaction state. [0095] The current invention includes a program that regularly saves the current state of each examination session (including questions and answers) on the server. At regular intervals (preferably 60 seconds), the client browser automatically initiates a special request to the server, which causes cookie information to be recorded in a unique file. The unique file, referred to as the "cookie jar" file, thus holds a complete record of a single session in the form of 60 second snapshots. As soon as the candidate logs in again, the program offers to restore the examination in progress and does so by combining the information stored in the regular log file with the last entry in the cookie jar file for that particular candidate. The other thing the cookie jar files are useful for is tracking exactly what occurred in a particular session. For instance, it is possible to recreate 60-second snapshots of what answers the candidate selected. In other words, it is possible to recreate a candidate's entire response record).
The examiner provides the same rationale to combine prior arts Soman in view of Chauhan and Miller as in claims 1 and 9 above.

As per claims 6, 14 and 20, Soman in view of Chauhan and Miller teaches:
The non-transitory computer-readable medium of claim 1, wherein the instructions that, when executed, further cause the one or more processors to perform the steps of receiving a second request for resources that are one of web content and a cloud application from a user device, wherein the request is a first request (Soman: [0022]: In other implementations, browser request module 115 may monitor the operations of the user on a local browser installed at end user device 110. This monitoring may permit browser request module 115 to identify the websites and other online resource destinations of the end user); and 
determining the second request does not require isolation, wherein the first request is rendered in isolation in a first tab of a web browser and the second request is direct, not in isolation, in a second tab of the web browser (Soman: determine whether they should be handled via the local browser or through an external browser of secure browsing service 120. The determination may be made based on the uniform resource identifiers or locators (URIs/URLs) associated with requests, the IP addresses associated with requests, or some other similar determination based on the browsing operations of the end user. [0034]: Accordingly, if the user typed in a particular URI, browser request module 115 may compare the URI to blacklist or whitelist rules to determine whether the request should be processed locally via the local browser or externally via a browser executing on a virtual machine. It is inherent that if the URI is in the whitelist, the request will be processed via the local browser. [0049] In some implementations, browser instances 751 and 753 may appear as separate tabs within a browser window on the end user device).

As per claims 7 and 15, Soman in view of Chauhan and Miller teaches:
The non-transitory computer-readable medium of claim 1, wherein the instructions that, when executed, further cause the one or more processors to perform the steps of subsequent to a logout or exiting a web browser, for the request, destroying the secure environment (Soman: [0027]: Furthermore, once the user closes the secure browser window, the virtual machine on the remote server may be refreshed or deleted, thereby cleaning any possible malware that may have been introduced by the browser execution).

As per claims 8 and 16, Soman in view of Chauhan and Miller teaches:
The non-transitory computer-readable medium of claim 1, wherein the secure environment is a virtual browser in isolation that performs the request, and wherein the instructions that, when executed, further cause the one or more processors to perform the steps of receiving a response to the request in the virtual browser; and converting the response to the image content (Soman: [0022]: Once a request by the end user corresponds to an untrusted web destination (URL or IP address) that requires the use of secure browsing service 120, a request may be transferred to the secure browsing service 120 to accommodate the secure browsing requirement. [0027] When the end user device is accessing the browser on the virtual machine using a remote desktop protocol, the graphical user interface (GUI) of the desktop is generated on the server hosting the virtual machine and the GUI image data is then encoded and transmitted over the network to the client device, where it is decoded and displayed to the user. For example, the framebuffer pixel data produced by the browser operating on the virtual machine may be encoded using a codec, such as H264, and transmitted over an Internet connection to the end user device, where the data is decoded and rendered in the secure browser window displayed on the screen of the end user device).

Claims 2, 10 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Soman in view of Chauhan as applied to claims 1, 9 and 17 above, and further in view of prior art of record US 20190394255 to Kolesnikov (hereinafter Kolesnikov).
As per claims 2, 10 and 18, Soman in view of Chauhan and Miller does not teach the limitations of claims 2, 10 and 18. However, Kolesnikov teaches:
wherein the user device executes a web browser that loads the image content utilizing a JavaScript application and that interacts with the image content by sending keyboard and mouse inputs via a Web Socket channel (Kolesnikov: [0054]. [0056] The remote computing device 410 and the client computing devices 420.1-n may communicate using the WebSocket protocol. [0057] The helper application 440 may be a program executing on all or portions of the remote computing device 410 configured to receive all or portions of communications from the client computing devices 420.1-n and implement the communications with respect to the sessions 411.1-n. For example, each session may have a respective helper application with a respective WebSocket channel for receiving instructions. The helper application 440 may be configured to open a channel (e.g., a WebSocket channel) to receive instructions (e.g., instructions to open a new tab) from the client computing devices 420.1-n. [0063] In step 506, the remote computing device 410 may wait for input from a client computing device. The input may comprise commands associated with a displayed web page, such as clicking on a link, moving a mouse, sending voice data from a microphone, or the like. The input may be received from the input devices 422.1-n. Input may comprise commands received from a web page, such as a command to access a new web page prompted from a JavaScript application in a web page. Also, [0032]-[0033]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of Kolesnikov in the invention of Soman in view of Chauhan and Miller to include the above limitations. The motivation to do so would be to provide a method of receiving and handling multiple web browser tabs in a remote web browsing session (Kolesnikov: [0005]).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure: 
US 20170093835 to Whiteside et al: store session data related to the session responsive to transmitting the logout information.

Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to MADHURI R HERZOG whose telephone number is (571)270-3359. The examiner can normally be reached 8:30AM-5:00PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Taghi Arani can be reached on (571)272-3787. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

MADHURI R. HERZOG
Primary Examiner
Art Unit 2438


