Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
	Claims 1-18 are presented for examination.

Response to Arguments
Applicant’s arguments with respect to claims 1-18 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-18 are rejected under 35 U.S.C. 103 as being unpatentable over Shatzkamer et al., US 2012/0227093 and further in view of Ducker et al, US 2015/0312236.

Regarding claim 1, Shatzkamer teaches a method for authorizing requests to access a resource (paragraph 0033: end node is configured to filter access to application layer resource based on a category of user, a blacklist of forbidden URIs and a white list of permitted URIs.  Also see paragraph 0039: each end node is configured with a category or a white list or a blacklist, or some combination, to describe every known application layer resource to which the user of the end node is allowed access.), comprising: 
receiving a request to access the resource at a hardware processor from an Internet Protocol (IP) address (0068: a request for a resource is sent from end node 410 in IP data packet 412. The request in the IP payload of IP data packet 412); 
determining whether a rule applies to the request to access the resource (0028: authenticate a user of a node with a given IP address; and thus map one with the other.  0038: Particular resources that are permitted or forbidden regardless of their rating in the URI database are listed in the white list and blacklist, respectively at each node enforcing the filtering process. i.e. determining whether a rule of the whitelist or the blacklist applies); 
in response to determining that a rule does not apply to the request to access the resource, sending a request for authorization (0069: If the URI in the request is not in the white list either, then the URI in the request is checked against the category of user in the associated user cache. This includes getting the rating of the URI of the requested resource. If that rating has already been retrieved and is in cache (not shown) on the local gateway router, then that rating is compared against the acceptable values that define the category. If not in the local cache, then the URI of the requested resource is sent in IP data packet 424 to the URI database server 490); 
receiving a response to the request for authorization (0069:  URI database server retrieves the rating for the URI of the requested resource. The rating of the URI of the requested resource is sent to the gateway router 420 in IP data packet 491.).   
Shatzkamer lack or does not expressly disclose wherein the response to the request for authorization is based on a manual entry of a user.  
However, Ducker teaches wherein the response to the request for authorization is based on a manual entry of a user (paragraph 0102:  FIG. 6C shows that a text message is received while a user interface related to the authorization module requests entry of the verification code. FIG. 6D shows the full content of the text message in a text messaging application of the client device. The text message may include a verification code (e.g., “62624142”). The authorization module may receive the verification code via manual entry by the user or by accessing the text message on the client device.).
It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Shatzkamer with Ducker to receive an authorization request with a manual entry from the user in order to identify and authenticate a particular user, as taught by Ducker, paragraph 0102.
Shatzkamer, as modified above, further discloses
in response to the response to the request for authorization indicating that access is authorized, providing a connection to the resource (0069: That rating is compared against the acceptable values that define the category. If the rating does not match the acceptable values, then the request is blocked. If the rating does match, then the request is allowed). Regarding claim 2, Shatzkamer teaches the method of claim 1, wherein the hardware processor is part of one of a gateway and a router (0018: an enterprise network connected to the public Internet through a service gateway router that enforces user-sensitive filtering of application layer resources that are identified by URIs.  Also see service gateway 160). Regarding claim 3, Shatzkamer teaches the method of claim 1, wherein the request for authorization is sent to an administrator device via an authorization server (Fig. 6 and 0075: is received as manual input from a network administrator on the local or a remote node.  0027: Internet 102b includes service gateway 160, an authentication, authorization and accounting (AAA) server 114, a URI database server 116, and one or more other servers, including server 170a, server 170b, server 170c, server 170d (collectively referenced hereinafter as servers 170). ). Regarding claim 4, Shatzkamer teaches the method of claim 1, wherein the request for authorization is sent directly to an administrator device (Fig. 6 and 0075: is received as manual input from a network administrator on the local or a remote node.  0027: Internet 102b includes service gateway 160, an authentication, authorization and accounting (AAA) server 114, a URI database server 116, and one or more other servers, including server 170a, server 170b, server 170c, server 170d (collectively referenced hereinafter as servers 170). Also see paragraph 0064-0065, figs. 4 and 6: the request for authorization is sent to and administrator device via and authorization server ). Regarding claim 5, Shatzkamer teaches the method of claim 1, further comprising: blocking access to the resource by the IP address after a period of time from the response to the request for authorization indicating that access is authorized (fig. 6 and paragraph 0082: control passes to step 632 to block the request. In some embodiments, step 632 includes sending a message back the particular IP address that indicates the request has been blocked.). Regarding claim 6, Shatzkamer teaches the method of claim 1, further comprising: adding the IP address to a whitelist (0039: each end node is configured with a category or a white list or a blacklist, or some combination, to describe every known application layer resource to which the user of the end node is allowed access.).

As per claims 7-12 and 13-18, this is a system and computer readable medium version of the claimed method discussed above in claims 1-6 wherein all claimed limitations have also been addressed and/or cited as set forth above.

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 

The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.  
	US 2004/0075683 to Savage teaches the authorization module 20 on the client device receives a user login information 15 through manual entry of a user id, insertion of a smart card, biometrics, or in a similar manner. The authorization module 20 submits an authorization request for validation 25.
US 10,623,390 to Rosenhouse teaches an application developer to open a ticket with a security administrator in order to have the IP address of the application 110 whitelisted at the legacy firewall. 
	US 2015/0249672 to Burns et al. teaches system-agnostic IoT devices can be added to the private network seamlessly and without user configuration. Further, the system prevents nefarious access to IoT devices by first determining what APIs are requested by applications on the public network and then requesting authorization for such access from a user. As such, no access to the private network and its IoT devices occurs unless explicitly authorized by a user.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to AUBREY H WYSZYNSKI whose telephone number is (571)272-8155. The examiner can normally be reached M-F 9-5.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, KAMBIZ ZAND can be reached on 571-272-3811. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/AUBREY H WYSZYNSKI/Examiner, Art Unit 2434                                                                                                                                                                                                        /KAMBIZ ZAND/Supervisory Patent Examiner, Art Unit 2434