DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Response to Arguments
Applicant’s arguments, see pages 6-7, filed September 24, 2025, with respect to the rejection(s) of claim(s) 1-20 under 35 USC 103 have been fully considered and are persuasive. Therefore, the rejection has been withdrawn. However, upon further consideration, a new ground(s) of rejection is made in view of US patent 12,506,622 granted to Narayanaswamy et al.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1-3, 6-13 and 16-21 are rejected under 35 U.S.C. 103 as being unpatentable over US patent publication 20190372783 granted to Martinez et al and further in view of US patent 9,294,468 granted to Kilbourn and US patent 12,506,622 granted to Narayanaswamy et al.
Regarding claim 1, Martinez discloses a method and system for monitoring access to one or more private applications; responsive to identifying a request to access an application of the one or more private applications, generating a certificate {see Abstract, paragraph [0030] (automatically generating app-specific certificates in response to access permission or launch of the packaged application)}. Martinez further teaches utilizing the generated certificate to provide access to the application by stitching together a connection between a user and the application {see paragraph [0037] (establish a connection between the server and the client in the packaged application using the automatically generated certificates)}. Martinez further teaches utilizing one or more Certificate Authority (CA) certificates to sign the generated certificate, thereby confirming an authenticity of the generated certificate {see Martinez, paragraph [0040] (the connection component 134 can identify the web server 106 as a trusted certificate authority and use the public key of the web server 106 to authenticate a digital signature included in the received certificate)}. Martinez fails to specifically teach providing the generated certificate to a broker. In an analogous art, Kilbourn discloses a method and system where a brokering service is used for coordinating the generation and maintenance of application-level certificates (see column 2, lines 47-64). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Kilbourn's broker service with Martinez's method of accessing enterprise applications. One of ordinary skill in the art would have been motivated to combine the two in order to reduce the need for long-lived certificates by a central authority for every application on the network system (see Kilbourn; Column 1, lines 49-53.). Martinez and Kilbourn as combined fail to specifically teach receiving one or more CA certificates. In an analogous art, Narayanaswamy teaches a method for securely connecting users and cloud apps where a chain of certificates are received and used to sign a certificate generated for an end-entity {see Abstract; column 15, lines 1-33 (Certificate 900A, respective to intermediate certificate authority 844 and signed by root certificate authority 864 . . .); column 17, lines 30-55 (. . . intermediate domain-specific certificate authority that holds a certificate authority (CA) certificate that operation browsers, operated by users in the organization, recognize to be authorized to sign end-entity certificates by virtue of being chained to a root certificate . . . Many implementations of the disclosed method comprise the inspection proxy receiving . . . organization certificate from the organization CA . . .) and Figure 9}. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Narayanaswamy’s method for securely connecting users and cloud apps with Kilbourn's broker service and Martinez's method of accessing enterprise applications. One of ordinary skill in the art would have been motivated to combine the references in order to reduce the risk of a customer’s data from being leaked to an unauthorized entity (see Narayanaswamy; column 3, lines 50-64).
Regarding claim 2, Martinez as modified discloses everything claimed as applied above (see claim 1), in addition Martinez teaches the certificate is a web application certificate {see Martinez, paragraph [0045] (generating a certificate at a web server of the packaged application at stage 204)}.
Regarding claim 3, Martinez as modified discloses everything claimed as applied above (see claim 1), in addition Kilbourn discloses stitching together the connection between the user and the application includes stitching together a connection between a user device associated with the user and a cloud-based system and a connection between an application connector associated with the application and the cloud-based system (see column 2, lines 26-46). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Kilbourn's broker service with Martinez's method of accessing enterprise applications. One of ordinary skill in the art would have been motivated to combine the two in order to reduce the need for long-lived certificates by a central authority for every application on the network system (see Kilbourn; Column 1, lines 49-53.).
Regarding claim 6, Martinez as modified discloses everything claimed as applied above (see claim 1), in addition Narayanaswamy teaches the one or more CA certificates are received and utilized on a per-tenant basis {see column 13, lines 34-37 (. . . HSM 532 processes a single operation per tenant from provisioning service 366. . . Continuing the description of FIG. 5, when a new tenant is created, provisioning service 366 generates an intermediate CA key pair . . .) and Figure 5}. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Narayanaswamy’s method for securely connecting users and cloud apps with Kilbourn's broker service and Martinez's method of accessing enterprise applications. One of ordinary skill in the art would have been motivated to combine the references in order to reduce the risk of a customer’s data from being leaked to an unauthorized entity (see Narayanaswamy; column 3, lines 50-64).
Regarding claim 7, Martinez as modified discloses everything claimed as applied above (see claim 1), in addition Narayanaswamy wherein the steps are only performed responsive to identifying secure traffic via the monitoring {see column 20, lines 44-50 (. . . The relaying of traffic may include at least one of decrypting session traffic received from the organization browser and encrypting session traffic sent to the organization browser. At least some of the session traffic that is relayed during the session is inspected by the respective inspection proxy, applying rules supplied by the organization to the distinct entity. . .}. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Narayanaswamy’s method for securely connecting users and cloud apps with Kilbourn's broker service and Martinez's method of accessing enterprise applications. One of ordinary skill in the art would have been motivated to combine the references in order to reduce the risk of a customer’s data from being leaked to an unauthorized entity (see Narayanaswamy; column 3, lines 50-64).
Regarding claim 8, Martinez as modified discloses everything claimed as applied above (see claim 7), in addition Narayanaswamy wherein the secure traffic includes Hypertext Transfer Protocol Secure (HTTPS) traffic {see column 20, lines 44-50}. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Narayanaswamy’s method for securely connecting users and cloud apps with Kilbourn's broker service and Martinez's method of accessing enterprise applications. One of ordinary skill in the art would have been motivated to combine the references in order to reduce the risk of a customer’s data from being leaked to an unauthorized entity (see Narayanaswamy; column 3, lines 50-64).
Regarding claim 9, Martinez as modified discloses everything claimed as applied above (see claim 1), in addition Kilbourn discloses the steps are performed by one or more application connectors associated with the one or more private applications (see column 2, lines 26-46). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Kilbourn's broker service with Martinez's method of accessing enterprise applications. One of ordinary skill in the art would have been motivated to combine the two in order to reduce the need for long-lived certificates by a central authority for every application on the network system (see Kilbourn; Column 1, lines 49-53.)
Regarding claim 10, Martinez as modified discloses everything claimed as applied above (see claim 1), in addition Kilbourn discloses the steps are performed by an automated certificate generation service associated with a cloud-based system, and wherein on request from an application connector, the automated certificate generation service generates and digitally signs certificates (see column 2, lines 26-46). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Kilbourn's broker service with Martinez's method of accessing enterprise applications. One of ordinary skill in the art would have been motivated to combine the two in order to reduce the need for long-lived certificates by a central authority for every application on the network system (see Kilbourn; Column 1, lines 49-53.)
Claims 11-13 and 16-20 are non-transitory computer-readable medium claims that are substantially equivalent to method claims 1-3 and 6-10. Therefore claims 11-13 and 16-20 are rejected by a similar rationale.
Regarding claim 21, Martinez discloses a method and system for monitoring access to one or more private applications; responsive to identifying a request to access an application of the one or more private applications, generating a certificate {see Abstract, paragraph [0030] (automatically generating app-specific certificates in response to access permission or launch of the packaged application)}. Martinez further teaches utilizing the generated certificate to provide access to the application by stitching together a connection between a user and the application {see paragraph [0037] (establish a connection between the server and the client in the packaged application using the automatically generated certificates)}. Martinez further teaches utilizing one or more Certificate Authority (CA) certificates to sign the generated certificate, thereby confirming an authenticity of the generated certificate {see Martinez, paragraph [0040] (the connection component 134 can identify the web server 106 as a trusted certificate authority and use the public key of the web server 106 to authenticate a digital signature included in the received certificate)}. Martinez fails to specifically teach providing the generated certificate to a broker. In an analogous art, Kilbourn discloses a method and system where a brokering service is used for coordinating the generation and maintenance of application-level certificates (see column 2, lines 47-64). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Kilbourn's broker service with Martinez's method of accessing enterprise applications. One of ordinary skill in the art would have been motivated to combine the two in order to reduce the need for long-lived certificates by a central authority for every application on the network system (see Kilbourn; Column 1, lines 49-53.). Martinez and Kilbourn as combined fail to specifically teach receiving one or more CA certificates. In an analogous art, Narayanaswamy teaches a method for securely connecting users and cloud apps where a chain of certificates are received and used to sign a certificate generated for an end-entity {see Abstract; column 15, lines 1-33 (Certificate 900A, respective to intermediate certificate authority 844 and signed by root certificate authority 864 . . .); column 17, lines 30-55 (. . . intermediate domain-specific certificate authority that holds a certificate authority (CA) certificate that operation browsers, operated by users in the organization, recognize to be authorized to sign end-entity certificates by virtue of being chained to a root certificate . . . Many implementations of the disclosed method comprise the inspection proxy receiving . . . organization certificate from the organization CA . . .) and Figure 9}. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Narayanaswamy’s method for securely connecting users and cloud apps with Kilbourn's broker service and Martinez's method of accessing enterprise applications. One of ordinary skill in the art would have been motivated to combine the references in order to reduce the risk of a customer’s data from being leaked to an unauthorized entity (see Narayanaswamy; column 3, lines 50-64).
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MATTHEW B SMITHERS whose telephone number is (571)272-3876. The examiner can normally be reached 8:00-4:00 (Teleworking).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Alexander Lagor can be reached at 571-270-5143. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/MATTHEW SMITHERS/
Primary Examiner
Art Unit 2437