Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

DETAILED ACTION
This communication is in response to Application No. 17/679,915 filed on 24 February 2022. The response filed 30 November 2022, which amends claims 1, 4-6, 8, 11-15, 18-21, and 24-27 and presents arguments, is hereby acknowledged.
Claims 1-27 are presented for examination.

Response to Arguments
The response filed 30 November 2022 addresses the Double Patenting rejections made on the 30 August 2022 Non-Final Rejection. Applicant arguments and amendments have been fully considered. The Terminal Disclaimer filed 30 November 2022 is found persuasive. Therefore, all of the Double Patenting rejections are hereby withdrawn.

Independent Claims 1, 8, 15, and 21
On pages 9-13 of the response filed 30 November 2022, Applicant addresses the 35 U.S.C. 103 rejection made on the 30 August 2022 Non-Final Rejection. Applicant’s arguments, regarding the rejections under 35 U.S.C. 103, have been fully considered.
On pages 9-13, Applicant argues that the Alvarez/Gundamaraju system fails to teach or suggest “based on a first message associated with establishing a communication session between a source host device and a destination host device, sending an authorization request associated with the communication session, wherein the first message is sent by the destination host device and destined for the source host device.” Applicant argues that “the PCCs described in Alvarez are intermediary devices between a source and a destination in the network.” Further, Applicant argues that “the path computation request 1322 described by Alvarez is not sent from either the source or the destination” and “the ‘path computation request 1322’ taught by Alvarez does not read on the claimed ‘first message’ of amended claim 1, because the path computation request 1322 is not sent by the destination and destined for the source.” Even further, Applicant argues that Gundamaraju does not cure the deficiencies of Alvarez in this regard.
Examiner respectfully agrees and finds this argument persuasive. Alvarez of the Alvarez/Gundamaraju system fails to teach or suggest “sending an authorization request associated with the communication session, wherein the first message is sent by the destination host device and destined for the source host device.” Therefore, Examiner finds this argument persuasive.

Dependent Claims 2-7, 9-14, 16-20, and 22-27
On pages 9-13 of the response filed 30 November 2022, Applicant addresses the 35 U.S.C. 103 rejection made on the 30 August 2022 Non-Final Rejection. Applicant submits that these claims are allowable at least as depending from an allowable independent claim, and further in view of the amendments to the independent claims, and the comments provided above.
As per the comments above, Examiner found the arguments persuasive. With regards to allowability, Examiner has conducted a search and applied new art. Thus, a new rejection is established against the independent claims.

Allowable Subject Matter
Claims 4, 11, 18, and 24 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

Claim Interpretation
Claims 1, 8, 15, and 21 recite a source host device and a destination host device. The host devices are identified based on sending or receiving messages. Therefore, Examiner interprets the “destination host device” to be a first host device and the “source host device” to be a second host device.
Claims 1, 8, 15, and 21 recite “based on a first message associated with establishing a communication session between a source host device and a destination host device.” Examiner interprets this to be an intended use limitation. The claims later repeat the information in the clause “wherein the first message causes the communication session to be established.” Therefore, Examiner interprets this to be an intended use limitation, and it will not be given any patentable weight.
Claims 1, 8, 15, and 21 recite “destined for the source host device.” Examiner interprets this phrase to be intended use. It appears that the first message sent by the destination device is intercepted by a policy enforcement device (i.e., claims 6-8 and 10-14) and then later forwarded to the source host device. This interpretation is supported by the 28 October 2022 Examiner Interview Summary. Therefore, Examiner interprets this to be an intended use limitation, and it will not be given any patentable weight.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.

The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.

Claims 1-27 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
Claims 1, 8, 15, and 21 recite “based on the authorization message, sending the first message to the source host device.” This limitation contradicts the earlier limitation “wherein the first message is sent by the destination host device and destined for the source host device.” Thus, this claim is indefinite. Applicant’s specification discusses a Policy Enforcement Point that acts as an intermediary between a destination host device and a source host device. Therefore, for the purpose of this examination, Examiner will interpret the earlier limitation “wherein the first message is sent by the destination host device and destined for the source host device” to mean “wherein the first message is received from the destination host device.”
Claims 2-7, 9-14, 16-20, and 22-27 fail to cure the deficiencies of their parent claim(s) and, therefore, inherit the rejections.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-3, 6-10, 13-17, 21-23, and 25 are rejected under 35 U.S.C. 103 as being unpatentable over US PGPUB 2015/0200821 A1 to Sade et al and US PGPUB 2017/0272470 A1 to Gundamaraju et al.
Regarding Claim 1, Sade discloses a method comprising:
based on a first message associated with establishing a communication session between a source host device and a destination host device (Examiner interprets this to be an intended use limitation), sending an authorization request associated with the communication session (FIG. 3A, 0073, and 0138 provides for sending an authorization request to PAMS 280 for privileged credentials), wherein the first message is sent by the destination host device and destined for the source host device (0053 and 0066 provides for wherein the initiate request is sent by user client);
receiving an authorization message in response to the authorization request (0073 and 0138 provides for receiving privileged credentials in response to the request to PAMS); and
based on the authorization message (0073, 0103, and 0138 provides for based on the privileged credentials) and wherein the first message causes the communication session to be established (0073 provides for authenticating the user prior to establishing the session).
Sade doesn’t explicitly disclose sending the first message to the source host device.
Gundamaraju, in a similar field of endeavor, discloses sending a first message to a source host device (FIG. 2 and 0027 provides for sending a SYN message 202 to a HTTP server 130).
One of ordinary skill in the art before the effectively filed date of the claimed invention would have recognized the ability to utilize the teachings of Gundamaraju for establishing sessions using a three-way handshake. The 3-way handshake of Gundamaraju, when implemented with the session monitoring system of the Sade system, will allow one of ordinary skill in the art to forward the Initiate request from a user client on to a target system, in order to establish a session between nodes based on policy information.
Therefore, the examiner concludes it would have been obvious to one of ordinary skill in the art before the effective filing date of the application to utilize the 3-way handshake of Gundamaraju with the session monitoring system of the Sade system for the desirable purpose of enforcing policy decisions prior to establishing a session.
Regarding Claim 2, the Sade/Gundamaraju system discloses the method of claim 1, wherein the first message comprises at least one of:
a synchronization message configured to establish the communication session (Gundamaraju, 0027 provides for SYN packet); or
a sequence number associated with the communication session.
Same motivation as claim 1.
Regarding Claim 3, the Sade/Gundamaraju system discloses the method of claim 1, further comprising: sending, to the destination host device, a second message associated with the communication session (Gundamaraju, 0021 and 0027 provides for the PEP is within the 3-way handshake), wherein the second message comprises at least one of:
a synchronization-response message associated with the communication session (Gundamaraju, FIG. 2 and 0027 provides for SYN/ACK packet);
an acknowledgement message associated with the communication session; or
a sequence number associated with the communication session.
Same motivation as claim 1.
Regarding Claim 6, the Sade/Gundamaraju system discloses the method of claim 1, wherein sending the authorization request comprises: sending, by a first policy enforcement device, the authorization request (Sade, 0168 provides for sending, by proxy server, access policies).
Regarding Claim 7, the Sade/Gundamaraju system discloses the method of claim 6, further comprising:
receiving, by a second policy enforcement device, the authorization message (Sade, FIG. 3A and 0073 provides for receiving, from PAMS 280, privileged credentials that authorize the user); and
based on the authorization message, sending, by the second policy enforcement point, the first message to the source host device, wherein the first message causes the communication session to be established (Gundamaraju, FIG. 1, 0021-0022, and 0027 provides for based on policy decision, sending, by PEP/PGW 112, a SYN message to UE 102, wherein SYN message cause a connection between HTTP server 130 and UE 102).
Same motivation as claim 1.
Regarding Claim 8, similar rejection where the method of claim 1 teaches the system of claim 8.
Regarding Claim 9, similar rejection where the method of claim 2 teaches the system of claim 9.
Regarding Claim 10, similar rejection where the method of claim 3 teaches the system of claim 10.
Regarding Claim 13, similar rejection where the method of claim 7 teaches the system of claim 13.
Regarding Claim 14, similar rejection where the method of claim 7 teaches the system of claim 14.
Regarding Claim 15, similar rejection where the method of claim 1 teaches the non-transitory computer readable medium of claim 15.
Regarding Claim 16, similar rejection where the method of claim 2 teaches the non-transitory computer readable medium of claim 16.
Regarding Claim 17, similar rejection where the method of claim 3 teaches the non-transitory computer readable medium of claim 17.
Regarding Claim 21, similar rejection where the method of claim 1 teaches the apparatus of claim 21.
Regarding Claim 22, similar rejection where the method of claim 2 teaches the apparatus of claim 22.
Regarding Claim 23, similar rejection where the method of claim 3 teaches the apparatus of claim 23.
Regarding Claim 25, the Sade/Gundamaraju system discloses the apparatus of claim 21, wherein the first computing device comprises a policy decision device (Gundamaraju, 0021 provides for a policy decision point, or PDP).
Same motivation as claim 21.

Claims 5, 12, 19, 20, and 26-28 are rejected under 35 U.S.C. 103 as being unpatentable over the Sade/Gundamaraju system as applied to claims 1, 8, 15, and 21 above, and further in view of US Patent 8,352,998 B1 to Kougiouris et al.
Regarding Claim 5, the Sade/Gundamaraju system discloses the method of claim 1.
The Sade/Gundamaraju system doesn’t explicitly disclose based on a message associated with ending the communication session, sending an indication that the communication session has ended; and determining that the communication session is no longer authorized based on an update message, wherein the update message is received in response to the indication that the communication session has ended.
Kougiouris, in a similar field of endeavor, discloses based on a message associated with ending a communication session (col. 21 line 49-col. 22 line 3 provides for based on a deny access message), sending an indication that the communication session has ended (FIG. 7, col. 6 lines 46-61, and col. 21 line 49-col. 22 line 3 provides for sending a network access decision 770 to deny access); and
determining that the communication session is no longer authorized based on an update message (FIG. 7 and col. 21 line 49-col. 22 line 3 provides for determining that the network device may deny access to resources based on updated enforcement instructions), wherein the update message is received in response to the indication that the communication session has ended (col. 21 line 49-col. 22 line 3 provides for decision 770 results in determining that the network device may deny access to resources).
One of ordinary skill in the art before the effectively filed date of the claimed invention would have recognized the ability to utilize the teachings of Kougiouris for permitting or denying access to resources. The updated enforcement instructions of Kougiouris, when implemented with the path computation of the Sade/Gundamaraju system, will allow one of ordinary skill in the art to obtain updated policy decisions, in order to discontinue a session between nodes based on policy information.
Therefore, the examiner concludes it would have been obvious to one of ordinary skill in the art before the effective filing date of the application to utilize the updated enforcement instructions of Kougiouris with the path computation of the Sade/Gundamaraju system for the desirable purpose of enforcing policy decisions within a session.
Regarding Claim 12, similar rejection where the method of claim 5 teaches the system of claim 12.
Regarding Claim 19, similar rejection where the method of claim 5 teaches the non-transitory computer readable medium of claim 19.
Regarding Claim 20, similar rejection where the method of claim 5 teaches the non-transitory computer readable medium of claim 20.
Regarding Claim 26, similar rejection where the method of claim 5 teaches the apparatus of claim 26.
Regarding Claim 27, similar rejection where the method of claim 5 teaches the apparatus of claim 27.
Regarding Claim 28, similar rejection where the method of claim 5 teaches the apparatus of claim 28.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
US PGPUB 2017/0187751 A1 to Andrews et al discloses intercepting requests between a client and a resource server.
US Patent 11,252,190 B1 to Sharifi Mehr discloses forwarding an authorize request to an authorization server.
US PGPUB 2020/0195649 A1 to He et al discloses defining an access control model for each individual client’s respective needs.
US PGPUB 2020/0120083 A1 to Kaladgi et al discloses obtaining policies from an authorization server.
NPL Science Direct discloses a client initiating a three-way handshake with a server via a SYN packet.
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SCHQUITA GOODWIN whose telephone number is (571)272-5477. The examiner can normally be reached M-F 9am - 5pm EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Tonia Dollinger can be reached on (571) 272-4170. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/SCHQUITA D GOODWIN/
Primary Examiner, Art Unit 2459