Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim(s) 1, 3-6, 9, 11-15, 18, 19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Galloway (US 2022/0103594) in view of Coleman (US 2019/0068617)

Regarding Claim 1,

Galloway (US 2022/0103594) teaches a non-transitory computer-readable medium including instructions that, when executed, cause one or more processors associated with a user device to perform steps of:
intercepting traffic on the user device (Fig. 5, Intercept Connection Request, and associated text);
forwarding the traffic to a cloud-based system for security processing therein (Fig. 5 and associated text, Check permission with Cloud based segmentation Controller 504);
and responsive to unavailability of the cloud-based system preventing the forwarding (Fig. 5, Segmentation Controller not reachable),
performing local security processing of the traffic at the user device including determining whether the traffic is allowed based on a cache at the user device, forwarding the traffic separate from the cloud-based system when it is allowed (Fig. 5, Use local cache based security rules when affirmative).
While Galloway teaches redirecting traffic based on a cache at the user device, Galloway does not explicitly teach blocking the traffic when it is not allowed.
Coleman (US 2019/0068617) teaches blocking the traffic that is not allowed (Paragraph [0046]).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify Galloway's determining that the network determination is negative (Fig. 5) with blocking traffic from an untrusted network as taught by Coleman, and the results would be predictable (i.e., traffic on an untrusted network would be blocked).

Regarding Claim 3,

Galloway and Coleman teach the non-transitory computer-readable medium of claim 1. Galloway teaches wherein the steps further include obtaining a list for the cache that contains pre-configured domains (Fig. 5 teaches a list of trusted networks (i.e., domains)) (Paragraph [0003] teaches trusted domains).

Regarding Claim 4,

Galloway and Coleman teach the non-transitory computer-readable medium of claim 3, wherein the list is based on a tenant associated with the user device (Paragraph [0036] teaches a list of trusted networks on behalf of a subscriber (i.e., tenant)).

Regarding Claim 5,

Galloway and Coleman teach the non-transitory computer-readable medium of claim 1. While Galloway teaches that an untrusted network is not included in the list, Galloway does not explicitly teach wherein the traffic is blocked based on a domain included in the cache.
The Examiner takes Official Notice that a blacklist is well known in the art, and it would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify Galloway with an untrusted network based on a domain included in the cache, and the results would be predictable (i.e., the untrusted network would be explicitly included on the list).


Regarding Claim 6,

Galloway and Coleman teach the non-transitory computer-readable medium of claim 1, wherein the traffic is blocked based on a domain not being in the cache (Paragraph [0034] teaches that an untrusted network is outside a list of trusted networks).

Regarding Claim 9,

Galloway and Coleman teach the non-transitory computer-readable medium of claim 1, wherein the local security processing is configured by a tenant (Paragraph [0036-0037] teaches the subscriber configuring a list of trusted networks).

Regarding Claims 11-15, 18

Claims 11-15, 18 are similar in scope to Claims 1-3, 5-6, 9 and are rejected for a similar rationale.

Regarding Claim 19,

Claim 19 is similar in scope to Claim 1 and is rejected for a similar rationale.

Claim(s) 2, 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Galloway (US 2022/0103594) in view of Coleman (US 2019/0068617) in further view of Narayanaswamy (US 2019/0268379)

Regarding Claim 2,

Galloway and Coleman teach the non-transitory computer-readable medium of claim 1, but do not explicitly teach wherein the steps further include updating the cache based on the forwarding and actions taken by the cloud-based system.
Narayanaswamy (US 2019/0268379) teaches updating the cache based on the forwarding and actions taken by the cloud-based system (Paragraph [0088] teaches periodic updates from the cloud system to the local system).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify Galloway and Coleman with the updating system of Narayanaswamy.
The motivation is to synchronize the cloud-based rules with the local rules (Paragraph [0088]).

Regarding Claim 20,

Claim 20 is similar in scope to Claims 2-3 and is rejected for a similar rationale.

Claim(s) 7, 16 is/are rejected under 35 U.S.C. 103 as being unpatentable over Galloway (US 2022/0103594) in view of Coleman (US 2019/0068617) in further view of Zhang (US 2018/0357294)

Regarding Claim 7,

Galloway and Coleman teach the non-transitory computer-readable medium of claim 1, but do not explicitly teach wherein the steps further include maintaining access logs locally at the user device for the local security processing; and forwarding the access logs to the cloud-based system after it is available.
Zhang (US 2018/0357294) teaches maintaining access logs locally at the user device for the local security processing; and forwarding the access logs to the cloud-based system (Paragraph [0002] teaches maintaining logs locally and forwarding the logs to the cloud).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify Galloway with forwarding access logs locally to the cloud after it is available.
The motivation is to maintain synchronization (Paragraph [0002]).

Regarding Claim 16,

Claim 16 is similar in scope to Claim 7 and is rejected for a similar rationale.

Claim(s) 8, 17 is/are rejected under 35 U.S.C. 103 as being unpatentable over Galloway (US 2022/0103594) in view of Coleman (US 2019/0068617) in further view of Kapur (US 2020/0402065)

Regarding Claim 8,

Galloway and Coleman teach the non-transitory computer-readable medium of claim 1, but do not explicitly teach wherein the unavailability is based on the cloud-based system being down beyond a threshold.
Kapur (US 2020/0402065) teaches wherein the unavailability is based on the cloud-based system being down beyond a threshold (Paragraph [0112]: a cloud environment may be deemed unavailable when a threshold number of edges are unable to communicate with the cloud).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify Galloway’s unavailability with an unavailability based on a threshold, and the results would be predictable (i.e., unavailability due to a threshold).

Regarding Claim 17,

Claim 17 is similar in scope to Claim 8 and is rejected for a similar rationale.


Claim(s) 10 is/are rejected under 35 U.S.C. 103 as being unpatentable over Galloway (US 2022/0103594) in view of Coleman (US 2019/0068617) in further view of Bosch (US 10,511,590)


Regarding Claim 10,

Galloway and Coleman teach the non-transitory computer-readable medium of claim 1, but do not explicitly teach wherein the local security processing includes Zero Trust Network Access to an application included in an enterprise network, and wherein the steps include providing a secure connection to the application included in the enterprise network based on the cache.
Bosch (US 10,511,590) teaches Zero Trust Network Access to an application included in an enterprise network, and wherein the steps include providing a secure connection to the application included in the enterprise network (Col. 3, lines 14-30, teaches Zero-Trust networking connecting applications on mobile devices to enterprise services … rely on SSL and/or TLS”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify the local security based on the cache taught by Galloway with the Zero Trust Network Access of Bosch.
The motivation is to remove any implied trust in the network for connecting applications (Col. 3, lines 15-16 of Bosch).

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HARRIS C WANG whose telephone number is (571)270-1462. The examiner can normally be reached M-F 9:00-5:30.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, LUU PHAM can be reached on 571-270-5002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/HARRIS C WANG/Primary Examiner, Art Unit 2439