Prosecution Insights
Last updated: April 19, 2026
Application No. 18/464,009

SYSTEMS AND METHODS FOR CONNECTING TO SECURE COMPUTER SYSTEMS

Status: Non-Final OA (§103)
Filed: Sep 08, 2023
Examiner: MOHAMMADI, FAHIMEH M
Art Unit: 2439
Tech Center: 2400 — Computer Networks
Assignee: SAP SE
OA Round: 3 (Non-Final)

Grant Probability: 76% (Favorable)
OA Rounds: 3-4
To Grant: 3y 3m
With Interview: 99%

Examiner Intelligence

Grants 76% — above average
Career Allow Rate: 76% (224 granted / 294 resolved; +18.2% vs TC avg)
Strong +53% interview lift
Interview Lift: +52.6% (with vs. without interview, across resolved cases with interview)
Typical timeline
Avg Prosecution: 3y 3m; 24 currently pending
Career history
Total Applications: 318 across all art units

Statute-Specific Performance

§101: 16.0% (-24.0% vs TC avg)
§103: 58.1% (+18.1% vs TC avg)
§102: 8.0% (-32.0% vs TC avg)
§112: 9.3% (-30.7% vs TC avg)
Based on career data from 294 resolved cases; Tech Center averages are estimates shown for comparison.

Office Action

§103
DETAILED ACTION

Notice of Pre-AIA or AIA Status

The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Continued Examination Under 37 CFR 1.114

A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 01/20/2026 has been entered.

As per the instant Amendment, claim 2 was canceled; claims 1, 19 and 20 are independent claims. Claims 1 and 3-20 have been examined and are pending. This Action is made Non-FINAL.

Response to Arguments

Applicants' arguments in the instant Amendment, filed on 01/20/2026, with respect to the limitations listed below, have been fully considered but they are not persuasive.

Applicant's arguments: "[T]he Cited References Fail to Teach or Suggest an Intermediary Backend System that Aggregates Per-Customer, Per-System Connection-Type Data."

The Examiner disagrees with the Applicants. The Examiner respectfully submits that Baer discloses retrieving, in a first intermediary backend system from one or more external systems, connectivity data for a plurality of secure computer systems (Baer: col. 3 lines 21-26 a resource manager 110 [] determine whether that user has an existing account with the resource provider, where the account data may be stored in at least one data store 112 in the provider environment; col. 1 lines 66-67 through col. 2 lines 1-3 an SSH bastion service [i.e., intermediary] can be operated in the resource provider environment that provides authentication and authorization of the connection request and establishes separate SSH connections with target resource instances of the customer allocation).

More specifically, Baer discloses providing for the management of secure connections, such as secure shell (SSH) connections or remote desktop protocol (RDP) connections, in a multi-tenant environment. A customer of a resource provider environment may have various resource instances executing as part of a customer allocation, which functions as a virtual private network in the resource provider environment. An SSH bastion service can be operated in the resource provider environment that provides authentication and authorization of the connection request and establishes separate SSH connections with target resource instances of the customer allocation [col. 1 lines 60-67 through col. 2 line 9]. However, the new reference (Lee) discloses connectivity data specifying a plurality of connection types for each customer for each of the plurality of secure computer systems, the plurality of connection types comprising an Internet Protocol address and universal resource locator (Lee: par. 0032 connectivity data [] refer to any data or information that indicates the identity, characteristics, type, and/or contact information of a communication group that may be used by a mobile device to communicate with devices and/or members associated with the communication group. For example, connectivity data may be an Internet protocol (IP) address to a server [] uniform resource locator (URL)). Therefore, the examiner finds this argument not persuasive.

Applicant's arguments: "[T]he Cited References Fail to Teach or Suggest User-Selectable Connection Types that Drive Backend Tunnel Configuration."

The Examiner disagrees with the Applicants. The Examiner respectfully submits that Baer discloses configuring, by the first intermediary backend system, one or more tunnel proxy servers to establish a connection, having the first connection type, between the remote connectivity frontend system and the first secure computer system of the plurality of secure computer systems (Baer: col. 4 lines 62-67 the SSH client 202 can cause a secure channel to be established between the client device 102 and the SSH server 210 of the customer allocation 204. The encryption provided by the SSH connection enables sensitive data to be securely transmitted to the customer allocation 204 over the at least one network 104).

More specifically, Baer discloses that the bastion has access to the public key of the connecting user and has determined that the user is authorized to connect to the requested instance. Thus, the bastion can publish the public key to the physical machine hosting the target instance. The machine then stores a file that contains the public key that is to be used to connect to the instance. Control can then be returned to the customer's SSH client, which can connect through the established bastion tunnel to the port on the target instance. The public key can then be used for SSH authentication on the SSH server of the target instance. The bastion service 302 determines a network path over the wire over which packets for the secure connection can be routed to the target resource instance 208. The service can utilize SSH tunneling which can effectively route the stdin/stdout of the SSH connection to the port on the target instance. This effectively establishes a separate secure path between the bastion service 302 and the target resource instance 208 [col. 7 lines 8-26]. Therefore, the examiner finds this argument not persuasive.

Applicant's arguments: "[T]he Cited References Fail to Teach or Suggest Automatic Application Launch Based on the Selected Connection Type."

Applicant's arguments with respect to the amended limitation in claims 1, 19 and 20 have been considered but are moot because the arguments do not apply to any of the references being used in the current rejection. The new reference TRABELSI et al.
(US 2019/0372983) is used to address the limitation "launching, based on the first connection type, a first computer application of a plurality of computer applications to allow the first user to operate the first secure computer system" (Trabelsi: par. 0142 a user may attempt to use an RDP client [] in the "Personal Security Zone" to connect to an RDP server in the corporate network [] the network security zone automatically detects the socket connection Request [] and automatically launches the RDP client in the "Corporate Security Zone" with the target server as parameter). Therefore, the examiner finds this argument not persuasive.

Applicant's arguments: "[C]laim 18 is not obvious in view of Baer in view of Lee in further view of McGovern."

The Examiner disagrees with the Applicants. The Examiner respectfully submits that Baer discloses wherein the entity defined constraints specify at least one valid reason for accessing a particular secure computer system, wherein the first intermediary frontend system displays a plurality of reasons to the first user, and wherein when the first user selects a reason that matches the at least one valid reason, then access is granted, and wherein when the first user selects a reason that does not match the at least one valid reason, then access is denied, the method further comprising logging a plurality of selected reasons resulting in denials of access (Baer: col. 9 lines 5-11 the bastion service can attempt to determine 506 whether the access credential (or set of credentials) associated with the request can be authenticated. The credentials can be a public cryptographic key transmitted with the request, for example, which can be compared against a private key previously obtained or determined for the customer or device requesting access; lines 23-26 the determination result can be returned to the bastion service, and if it is determined 506 that the credential unable to be successfully authenticated then the request can be denied 508; lines 30-33 an attempt can be made to determine 512 whether the source of the request is authorized to access, or communicate with, the target resource instance; lines 44-53 if the source of the request is determined 514 to be able to access the target resource instance the bastion service can establish 520 a network path between the bastion service and the relevant port (e.g., port 22) on the target resource instance, such as by routing the SSH traffic to the port on the target instance through a tunneling or other such routing process).

More specifically, Baer discloses that a bastion service can support connections directly from a customer allocation management console, or other such component. A customer accessing such a console can specify an instance and select an option to establish a secure connection to that instance [col. 5 lines 40-44], and a user associated with the customer can access a management console or other such interface and select an option to securely connect to a specified resource instance, and the bastion service can take care of performing the authentication and generating the connection, here through a pair of connections joined by the bastion service. The policies can grant permissions to establish SSH connections to specific instances, or all instances, associated with a customer allocation or otherwise accessible in the resource provider environment [col. 7 lines 63-67 through col. 8 lines 1-5].

Further, McGovern discloses generating a security audit when a number of reasons resulting in denials meets a threshold (McGovern: col. 16 lines 66-67 through col. 17 lines 1-8 a policy based alert may be any notification or report such as an automatically generated and transmitted message corresponding to a policy enforcement action (e.g., an email, SMS message, electronic message, instant message, a popup message, an indicator, or the like generated based on an approved, denied, partially approved, or partially denied access request), an automatically generated and transmitted message corresponding to reaching a threshold point (e.g., a threshold number of access requests, access approvals, access denials, or the like)). More specifically, McGovern discloses that, as shown in FIG. 6, the system may determine an amount of data accessed by an endpoint during a first time frame at step 610 and determine that the amount of data accessed exceeds a data access threshold amount at step 620. At step 630, the endpoint device may be prevented from performing the restricted action (e.g., receiving access to data) based on the determination. It will be understood that multiple conditions may be included in a policy and, accordingly, although the data request meets one or more conditions, one or more other conditions may prevent an endpoint device from receiving the data [col. 7 lines 14-24]. Therefore, the examiner finds this argument not persuasive.

Applicant's arguments: "[L]ack of Motivation to Combine and Impermissible Hindsight."

In response to applicant's argument that the examiner's conclusion of obviousness is based upon improper hindsight reasoning, it must be recognized that any judgment on obviousness is in a sense necessarily a reconstruction based upon hindsight reasoning. But so long as it takes into account only knowledge which was within the level of ordinary skill at the time the claimed invention was made, and does not include knowledge gleaned only from the applicant's disclosure, such a reconstruction is proper. See In re McLaughlin, 443 F.2d 1392, 170 USPQ 209 (CCPA 1971). Therefore, the examiner finds this argument not persuasive.

The amended claims 1, 19 and 20 have been addressed in the rejection below.

Claim Rejections - 35 USC § 103

In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:

A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary. Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.

Claims 1, 6-7, 9-10, 12-15 and 19-20 are rejected under 35 U.S.C.
103 as being unpatentable over Baer et al. ("Baer," US 10511584) in view of Lee et al. ("Lee," US 2014/0056172) and TRABELSI et al. ("Trabelsi," US 2019/0372983).

Regarding claim 1: Baer discloses a method of connecting computer systems comprising:

retrieving, in a first intermediary backend system from one or more external systems, connectivity data for a plurality of secure computer systems (Baer: col. 3 lines 21-26 a resource manager 110 [] determine whether that user has an existing account with the resource provider, where the account data may be stored in at least one data store 112 in the provider environment; col. 1 lines 66-67 through col. 2 lines 1-3 an SSH bastion service [i.e., intermediary] can be operated in the resource provider environment that provides authentication and authorization of the connection request and establishes separate SSH connections with target resource instances of the customer allocation);

receiving, in the first intermediary backend system, a connection request from a remote connectivity frontend system, the remote connectivity frontend system having been accessed by a first user (Baer: col. 3 lines 7-12 a user wanting to utilize a portion of the resources 114 can submit a request that is received to an interface layer 108 of the provider environment 106. The interface layer can include application programming interfaces (APIs) or other exposed interfaces enabling a user to submit requests to the provider environment);

authenticating, in the first intermediary backend system, the first user to grant access by the first user to a first intermediary frontend system coupled to the first intermediary backend system with access to the connectivity data (Baer: col. 5 lines 2-5 SSH uses public key cryptography to authenticate the client device 102, or a user of the client device, among other such options. Authentication can be obtained [] through use of a public-private key pair);

receiving, from the first user in the first intermediary frontend system, a selection of a first connection type selected from the plurality of connection types for each of the plurality of secure computer systems and a first secure computer system of the plurality of secure computer systems (Baer: col. 5 lines 42-44 a customer accessing such a console can specify an instance and select an option to establish a secure connection to that instance; lines 52-57 the customer can specify the target instance, such as through the command to be executed by the bastion service. An SSH server of the bastion service can then route the traffic to the target instance along a determined network path using, for example, port 22 for SSH traffic); and

configuring, by the first intermediary backend system, one or more tunnel proxy servers to establish a connection, having the first connection type, between the remote connectivity frontend system and the first secure computer system of the plurality of secure computer systems (Baer: col. 4 lines 62-67 the SSH client 202 can cause a secure channel to be established between the client device 102 and the SSH server 210 of the customer allocation 204. The encryption provided by the SSH connection enables sensitive data to be securely transmitted to the customer allocation 204 over the at least one network 104).

Baer does not explicitly disclose the connectivity data specifying a plurality of connection types for each customer for each of the plurality of secure computer systems, the plurality of connection types comprising an Internet Protocol address and universal resource locator. However, Lee discloses the connectivity data specifying a plurality of connection types for each customer for each of the plurality of secure computer systems, the plurality of connection types comprising an Internet Protocol address and universal resource locator (Lee: par. 0032 connectivity data [] refer to any data or information that indicates the identity, characteristics, type, and/or contact information of a communication group that may be used by a mobile device to communicate with devices and/or members associated with the communication group. For example, connectivity data may be an Internet protocol (IP) address to a server [] uniform resource locator (URL)). Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention, to combine the teachings of Lee with the system/method of Baer to include the connectivity data specifying a plurality of connection types for each customer for each of the plurality of secure computer systems, the plurality of connection types comprising an Internet Protocol address and universal resource locator. One would have been motivated to provide methods for a mobile device to provide information for joining the communication group, such as a URL, group call information and connectivity data (Lee: par. 0034).

Baer in view of Lee does not explicitly disclose automatically launching, based on the first connection type, a first computer application of a plurality of computer applications to allow the first user to operate the first secure computer system. However, Trabelsi discloses automatically launching, based on the first connection type, a first computer application of a plurality of computer applications to allow the first user to operate the first secure computer system (Trabelsi: par. 0132 a user launches an application on a primary VM that depends on connectivity to a particular remote server (e.g., a web browser, an RDP client, an SSH client, and the like); par. 0142 a user may attempt to use an RDP client [] in the "Personal Security Zone" to connect to an RDP server in the corporate network [] the network security zone automatically detects the socket connection Request [] and automatically launches the RDP client in the "Corporate Security Zone" with the target server as parameter). Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention, to combine the teachings of Trabelsi with the system/method of Baer and Lee to include automatically launching, based on the first connection type, a first computer application of a plurality of computer applications to allow the first user to operate the first secure computer system. One would have been motivated to seamlessly launch an application in an appropriate virtual machine within a security zone (Trabelsi: par. 0012).

Regarding claim 6: Baer in view of Lee and Trabelsi discloses the method of claim 1. Baer further discloses wherein the first secure computer system comprises a user account login and password dedicated to the first user, and after establishing a connection, having the first connection type, between the remote connectivity frontend system and the first secure computer system, the first user accesses the first secure computer system by entering the user account login and password (Baer: col. 3 lines 24-38 a user can provide any of various types of credentials [] the credentials can include, for example, a username and password pair, biometric data, a digital signature, or other such information [] the resource manager can determine whether there are adequate resources available to suit the user's request, and if so can provision the resources or otherwise grant access to the corresponding portion of those resources for use by the user for an amount specified by the request).

Regarding claim 7: Baer in view of Lee and Trabelsi discloses the method of claim 1. Lee further discloses wherein an external system of the one or more external systems comprises a database storing connectivity data for the plurality of secure computer systems (Lee: par. 0047 the server 110 may maintain databases of contact information for particular groups or classifications of persons). The motivation is the same as that of claim 1 above.

Regarding claim 9: Baer in view of Lee and Trabelsi discloses the method of claim 1. Baer further discloses wherein a tunnel proxy server of the one or more tunnel proxy servers establishes a connection to the first secure computer system through a cloud gateway (Baer: col. 7 lines 21-24 the service can utilize SSH tunneling, which can effectively route the stdin/stdout of the SSH connection to the port on the target instance).

Regarding claim 10: Baer in view of Lee and Trabelsi discloses the method of claim 1. Baer further discloses wherein a tunnel proxy server of the one or more tunnel proxy servers establishes a connection to the first secure computer system through a plurality of software routers (Baer: col. 9 lines 49-53 the bastion service can establish 520 a network path between the bastion service and the relevant port (e.g., port 22) on the target resource instance, such as by routing the SSH traffic to the port on the target instance through a tunneling or other such routing process).

Regarding claim 12: Baer in view of Lee and Trabelsi discloses the method of claim 1. Baer further discloses wherein the plurality of secure computer systems comprise a plurality of secure computer systems for a plurality of entities, and wherein the first user selects a first entity from the plurality of entities in the first intermediary frontend system and the first user is presented with a portion of the plurality of secure computer systems for the first entity (Baer: col. 7 lines 63-66 connection capability through use of a bastion service 302 can enable customers to establish secure connections to their resource instances where the established for their resource allocation. A user associated with the customer can access a management console or other such interface and select an option to securely connect to a specified resource instance).

Regarding claim 13: Baer in view of Lee and Trabelsi discloses the method of claim 1. Baer further discloses wherein the connectivity data comprises entity defined constraints to limit access to the plurality of secure computer systems for a plurality of entities (Baer: col. 3 lines 33-38 the resource manager can determine whether there are adequate resources available to suit the user's request, and if so [] grant access to the corresponding portion of those resources for use by the user for an amount specified by the request).

Regarding claim 14: Baer in view of Lee and Trabelsi discloses the method of claim 13. Baer further discloses wherein the entity defined constraints specify allowable connection types (Baer: col. 8 lines 2-5 the policies can grant permissions to establish SSH connections to specific instances, or all instances, associated with a customer allocation or otherwise accessible in the resource provider environment).

Regarding claim 15: Baer in view of Lee and Trabelsi discloses the method of claim 13. Baer further discloses wherein the entity defined constraints specify at least a portion of profile information associated with the first user, wherein the first intermediary backend system retrieves first profile information associated with the first user and denies access to some or all of the connection types based on one or more elements of the profile information associated with the first user (Baer: col. 9 lines 5-11 the bastion service can attempt to determine 506 whether the access credential (or set of credentials) associated with the request can be authenticated. The credentials can be a public cryptographic key transmitted with the request, for example, which can be compared against a private key previously obtained or determined for the customer or device requesting access; lines 23-26 the determination result can be returned to the bastion service, and if it is determined 506 that the credential unable to be successfully authenticated then the request can be denied 508).

Regarding claim 19: Baer discloses a computer system comprising: at least one processor (Baer: fig. 6 item 602 processor); at least one non-transitory computer readable medium storing computer executable instructions that, when executed by the at least one processor (Baer: fig. 6 item 606 Memory), cause the computer system to perform a method of connecting computer systems comprising:

retrieving, in a first intermediary backend system from one or more external systems, connectivity data for a plurality of secure computer systems (Baer: col. 3 lines 21-26 a resource manager 110 [] determine whether that user has an existing account with the resource provider, where the account data may be stored in at least one data store 112 in the provider environment; col. 1 lines 66-67 through col. 2 lines 1-3 an SSH bastion service [i.e., intermediary] can be operated in the resource provider environment that provides authentication and authorization of the connection request and establishes separate SSH connections with target resource instances of the customer allocation);

receiving, in the first intermediary backend system, a connection request from a remote connectivity frontend system, the remote connectivity frontend system having been accessed by a first user (Baer: col. 3 lines 7-12 a user wanting to utilize a portion of the resources 114 can submit a request that is received to an interface layer 108 of the provider environment 106. The interface layer can include application programming interfaces (APIs) or other exposed interfaces enabling a user to submit requests to the provider environment);

authenticating, in the first intermediary backend system, the first user to grant access by the first user to a first intermediary frontend system coupled to the first intermediary backend system with access to the connectivity data (Baer: col. 5 lines 2-5 SSH uses public key cryptography to authenticate the client device 102, or a user of the client device, among other such options. Authentication can be obtained [] through use of a public-private key pair);

receiving, from the first user in the first intermediary frontend system, a selection of a first connection type selected from the plurality of connection types for each of the plurality of secure computer systems and a first secure computer system of the plurality of secure computer systems (Baer: col. 5 lines 42-44 a customer accessing such a console can specify an instance and select an option to establish a secure connection to that instance; lines 52-57 the customer can specify the target instance, such as through the command to be executed by the bastion service. An SSH server of the bastion service can then route the traffic to the target instance along a determined network path using, for example, port 22 for SSH traffic); and

configuring, by the first intermediary backend system, one or more tunnel proxy servers to establish a connection, having the first connection type, between the remote connectivity frontend system and the first secure computer system of the plurality of secure computer systems (Baer: col. 4 lines 62-67 the SSH client 202 can cause a secure channel to be established between the client device 102 and the SSH server 210 of the customer allocation 204. The encryption provided by the SSH connection enables sensitive data to be securely transmitted to the customer allocation 204 over the at least one network 104).

Baer does not explicitly disclose the connectivity data specifying a plurality of connection types for each customer for each of the plurality of secure computer systems, the plurality of connection types comprising an Internet Protocol address and universal resource locator. However, Lee discloses the connectivity data specifying a plurality of connection types for each customer for each of the plurality of secure computer systems, the plurality of connection types comprising an Internet Protocol address and universal resource locator (Lee: par. 0032 connectivity data [] refer to any data or information that indicates the identity, characteristics, type, and/or contact information of a communication group that may be used by a mobile device to communicate with devices and/or members associated with the communication group. For example, connectivity data may be an Internet protocol (IP) address to a server [] uniform resource locator (URL)). Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention, to combine the teachings of Lee with the system/method of Baer to include the connectivity data specifying a plurality of connection types for each customer for each of the plurality of secure computer systems, the plurality of connection types comprising an Internet Protocol address and universal resource locator. One would have been motivated to provide methods for a mobile device to provide information for joining the communication group, such as a URL, group call information and connectivity data (Lee: par. 0034).

Baer in view of Lee does not explicitly disclose automatically launching, based on the first connection type, a first computer application of a plurality of computer applications to allow the first user to operate the first secure computer system. However, Trabelsi discloses automatically launching, based on the first connection type, a first computer application of a plurality of computer applications to allow the first user to operate the first secure computer system (Trabelsi: par. 0132 a user launches an application on a primary VM that depends on connectivity to a particular remote server (e.g., a web browser, an RDP client, an SSH client, and the like); par. 0142 a user may attempt to use an RDP client [] in the "Personal Security Zone" to connect to an RDP server in the corporate network [] the network security zone automatically detects the socket connection Request [] and automatically launches the RDP client in the "Corporate Security Zone" with the target server as parameter). Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention, to combine the teachings of Trabelsi with the system/method of Baer and Lee to include automatically launching, based on the first connection type, a first computer application of a plurality of computer applications to allow the first user to operate the first secure computer system. One would have been motivated to seamlessly launch an application in an appropriate virtual machine within a security zone (Trabelsi: par. 0012).

Regarding claim 20: Baer discloses a non-transitory computer-readable medium storing computer-executable instructions that, when executed by at least one processor, perform a method of connecting computer systems, the method comprising:

retrieving, in a first intermediary backend system from one or more external systems, connectivity data for a plurality of secure computer systems (Baer: col. 3 lines 21-26 a resource manager 110 [] determine whether that user has an existing account with the resource provider, where the account data may be stored in at least one data store 112 in the provider environment; col. 1 lines 66-67 through col. 2 lines 1-3 an SSH bastion service [i.e., intermediary] can be operated in the resource provider environment that provides authentication and authorization of the connection request and establishes separate SSH connections with target resource instances of the customer allocation);

receiving, in the first intermediary backend system, a connection request from a remote connectivity frontend system, the remote connectivity frontend system having been accessed by a first user (Baer: col. 3 lines 7-12 a user wanting to utilize a portion of the resources 114 can submit a request that is received to an interface layer 108 of the provider environment 106. The interface layer can include application programming interfaces (APIs) or other exposed interfaces enabling a user to submit requests to the provider environment);

authenticating, in the first intermediary backend system, the first user to grant access by the first user to a first intermediary frontend system coupled to the first intermediary backend system with access to the connectivity data (Baer: col. 5 lines 2-5 SSH uses public key cryptography to authenticate the client device 102, or a user of the client device, among other such options. Authentication can be obtained [] through use of a public-private key pair);

receiving, from the first user in the first intermediary frontend system, a selection of a first connection type selected from the plurality of connection types for each of the plurality of secure computer systems and a first secure computer system of the plurality of secure computer systems (Baer: col. 5 lines 42-44 a customer accessing such a console can specify an instance and select an option to establish a secure connection to that instance; lines 52-57 the customer can specify the target instance, such as through the command to be executed by the bastion service. An SSH server of the bastion service can then route the traffic to the target instance along a determined network path using, for example, port 22 for SSH traffic); and

configuring, by the first intermediary backend system, one or more tunnel proxy servers to establish a connection, having the first connection type, between the remote connectivity frontend system and the first secure computer system of the plurality of secure computer systems (Baer: col. 4 lines 62-67 the SSH client 202 can cause a secure channel to be established between the client device 102 and the SSH server 210 of the customer allocation 204. The encryption provided by the SSH connection enables sensitive data to be securely transmitted to the customer allocation 204 over the at least one network 104).

Baer does not explicitly disclose the connectivity data specifying a plurality of connection types for each customer for each of the plurality of secure computer systems, the plurality of connection types comprising an Internet Protocol address and universal resource locator. However, Lee discloses the connectivity data specifying a plurality of connection types for each customer for each of the plurality of secure computer systems, the plurality of connection types comprising an Internet Protocol address and universal resource locator (Lee: par. 0032 connectivity data [] refer to any data or information that indicates the identity, characteristics, type, and/or contact information of a communication group that may be used by a mobile device to communicate with devices and/or members associated with the communication group. For example, connectivity data may be an Internet protocol (IP) address to a server [] uniform resource locator (URL)).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention, to combine the teachings of Lee with the system/method of Baer to include the connectivity data specifying a plurality of connection types for each customer for each of the plurality of secure computer systems, the plurality of connection types comprising an Internet Protocol address and universal resource locator. One would have been motivated to provide methods for a mobile device to provide information for joining the communication group, such as a URL, group call information and connectivity data (Lee: par. 0034).

Baer in view of Lee does not explicitly disclose automatically launching, based on the first connection type, a first computer application of a plurality of computer applications to allow the first user to operate the first secure computer system. However, Trabelsi discloses automatically launching, based on the first connection type, a first computer application of a plurality of computer applications to allow the first user to operate the first secure computer system (Trabelsi: par. 0132 a user launches an application on a primary VM that depends on connectivity to a particular remote server (e.g., a web browser, an RDP client, an SSH client, and the like); par. 0142 a user may attempt to use an RDP client [] in the "Personal Security Zone" to connect to an RDP server in the corporate network [] the network security zone automatically detects the socket connection Request [] and automatically launches the RDP client in the "Corporate Security Zone" with the target server as parameter). Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention, to combine the teachings of Trabelsi with the system/method of Baer and Lee to include automatically launching, based on the first connection type, a first computer application of a plurality of computer applications to allow the first user to operate the first secure computer system. One would have been motivated to seamlessly launch an application in an appropriate virtual machine within a security zone (Trabelsi: par. 0012).

Claims 3, 8 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Baer et al. ("Baer," US 10511584) in view of Lee et al. ("Lee," US 2014/0056172), TRABELSI et al. ("Trabelsi," US 2019/0372983) and Harrison et al. ("Harrison," US 6539483).

Regarding claim 3: Baer in view of Lee and Trabelsi discloses the method of claim 1. Baer in view of Lee and Trabelsi does not explicitly disclose wherein one or more of the connection types are associated with an application launch template to configure and launch an associated computer application. However, Harrison discloses wherein one or more of the connection types are associated with an application launch template to configure and launch an associated computer application (Harrison: col. 6 lines 49-51 the device list, connection type and policy template are combined to generate all of the policies for the policy segment). Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention, to combine the teachings of Harrison with the system/method of Baer, Lee and Trabelsi to include a launch template to configure and launch the associated computer application. One would have been motivated to create a secure tunnel between two network entities using security mechanisms such as authentication and encryption (Harrison: col. 1 lines 21-23).
Regarding claim 8: Baer in view of Lee and Trabelsi discloses the method of claim 1. Baer in view of Lee and Trabelsi does not explicitly disclose wherein each of the plurality of secure computer systems stores the connectivity data independently, and the one or more external systems are a plurality of external systems corresponding to the plurality of secure computer systems. However, Harrison discloses wherein each of the plurality of secure computer systems stores the connectivity data independently, and the one or more external systems are a plurality of external systems corresponding to the plurality of secure computer systems (Harrison: col. 5 lines 43-45 FIG. 1 illustrates the interactions between a policy configuration application, an LDAP server and the VPN devices). Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention, to combine the teachings of Harrison with the system/method of Baer, Lee and Trabelsi to include the one or more external systems being a plurality of external systems corresponding to the plurality of secure computer systems. One would have been motivated to create a secure tunnel between two network entities using security mechanisms such as authentication and encryption (Harrison: col. 1 lines 21-23).

Regarding claim 16: Baer in view of Lee and Trabelsi discloses the method of claim 13. Baer in view of Lee and Trabelsi does not explicitly disclose wherein the entity defined constraints specify at a time limit for a connection type. However, Harrison discloses wherein the entity defined constraints specify at a time limit for a connection type (Harrison: col. 4 lines 32-34 the condition consists of a validity period and a traffic profile. The validity period defines the time frame in which the action should be performed). Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention, to combine the teachings of Harrison with the system/method of Baer, Lee and Trabelsi to include the entity defined constraints specifying a time limit for a connection type. One would have been motivated to create a secure tunnel between two network entities using security mechanisms such as authentication and encryption (Harrison: col. 1 lines 21-23).

Claims 4-5 are rejected under 35 U.S.C. 103 as being unpatentable over Baer et al. ("Baer," US 10511584) in view of Lee et al. ("Lee," US 2014/0056172), TRABELSI et al. ("Trabelsi," US 2019/0372983) and Pollutro et al. ("Pollutro," US 2021/0266303).

Regarding claim 4: Baer in view of Lee and Trabelsi discloses the method of claim 1. Baer in view of Lee and Trabelsi does not explicitly disclose issuing one or more certificates a central public key infrastructure server and after the authenticating step, issuing a first certificate to the first user, the first certificate granting user access rights to the first secure computer system of the plurality of secure computer systems. However, Pollutro discloses issuing one or more certificates a central public key infrastructure server (Pollutro: par. 0062 certificate Management Service (CMS) 408 can be used for generating and managing certificates for the client devices 202 and platform microservices 204); and after the authenticating step, issuing a first certificate to the first user, the first certificate granting user access rights to the first secure computer system of the plurality of secure computer systems (Pollutro: par. 0061 the microservices 204 are not publicly accessible, and communicate with each other over end-to-end secure links, using certificates to authenticate and exchange messages).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention, to combine the teachings of Pollutro with the system/method of Baer, Lee and Trabelsi to include, after said authenticating step, issuing a first certificate to the user, the first certificate granting the user access rights to the first secure computer system of the plurality of secure computer systems. One would have been motivated to set up a secure communication path for secure communication between any pair of enabled endpoints (Pollutro: par. 0040).

Regarding claim 5: Baer in view of Lee, Trabelsi and Pollutro discloses the method of claim 4. Pollutro further discloses wherein the first certificate has a predefined time period, and wherein the first certificate becomes invalid said predefined time period after the first user first accesses the first secure computer system (Pollutro: par. 0189 creates an IPSec tunnel to the management service and authenticates itself with its pre-assigned one-time-use certificate; par. 0203 the agent device 402 receives the ephemeral certificate [] the agent device 402 is now fully registered. The cloud service revokes the one-time-use certificate and closes the IPSec connection). The motivation is the same as that of claim 4 above.

Claims 11 and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Baer et al. ("Baer," US 10511584) in view of Lee et al. ("Lee," US 2014/0056172), TRABELSI et al. ("Trabelsi," US 2019/0372983) and Shah (US 12199827).

Regarding claim 11: Baer in view of Lee and Trabelsi discloses the method of claim 1. Baer in view of Lee and Trabelsi does not explicitly disclose wherein a tunnel proxy server of the one or more tunnel proxy servers operates in a different geographical region than the first intermediary backend system, and wherein a first geographic location of the tunnel proxy server is selected based on a location of the first user and a location of the first secure computer system being connected. However, Shah discloses wherein a tunnel proxy server of the one or more tunnel proxy servers operates in a different geographical region than the first intermediary backend system, and wherein a first geographic location of the tunnel proxy server is selected based on a location of the first user and a location of the first secure computer system being connected (Shah: col. 10 lines 22-26 the authentication component 306 may grant authorization for the services that the device is allowed to access based on [] device location; lines 37-42 authorized to access the network from a specific geographical location ("GPS location" or "geolocation"). The specific geolocation may be determined and stored based on any location initiating scheme including a predetermined GPS location, a first detected GPS location on boot, location detected during system setup, and the like). Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention, to combine the teachings of Shah with the system/method of Baer, Lee and Trabelsi to include the tunnel proxy server operating in a different geographical region than the first intermediary backend system. One would have been motivated to provide authorization for the services that the device is allowed to access based on device location (Shah: col. 10 lines 22-23).

Regarding claim 17: Baer in view of Lee and Trabelsi discloses the method of claim 13.
Baer in view of Lee and Trabelsi does not explicitly disclose wherein the entity defined constraints deny access to users based on a geographic region. However, Shah discloses wherein the entity defined constraints deny access to users based on a geographic region (Shah: col. 10 lines 48-54 if the connection to the wireless base station goes down and then attempts to reconnect from a second different GPS location [] the system may assume the network device has been stolen and moved to an unauthorized location and deny network access). Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention, to combine the teachings of Shah with the system/method of Baer, Lee and Trabelsi to include the entity defined constraints denying access to users based on a geographic region. One would have been motivated to provide authorization for the services that the device is allowed to access based on device location (Shah: col. 10 lines 22-23).

Claim 18 is rejected under 35 U.S.C. 103 as being unpatentable over Baer et al. ("Baer," US 10511584) in view of Lee et al. ("Lee," US 2014/0056172), TRABELSI et al. ("Trabelsi," US 2019/0372983) and McGovern et al. ("McGovern," US 9420002).

Regarding claim 18: Baer in view of Lee and Trabelsi discloses the method of claim 13. Baer further discloses wherein the entity defined constraints specify at least one valid reason for accessing a particular secure computer system, wherein the first intermediary frontend system displays a plurality of reasons to the first user, and wherein when the first user selects a reason that matches the at least one valid reason, then access is granted, and wherein when the first user selects a reason that does not match the at least one valid reason, then access is denied, the method further comprising logging a plurality of selected reasons resulting in denials of access (Baer: col. 9 lines 5-11 the bastion service can attempt to determine 506 whether the access credential (or set of credentials) associated with the request can be authenticated. The credentials can be a public cryptographic key transmitted with the request, for example, which can be compared against a private key previously obtained or determined for the customer or device requesting access; lines 23-26 the determination result can be returned to the bastion service, and if it is determined 506 that the credential unable to be successfully authenticated then the request can be denied 508; lines 30-33 an attempt can be made to determine 512 whether the source of the request is authorized to access, or communicate with, the target resource instance; lines 44-53 if the source of the request is determined 514 to be able to access the target resource instance [] the bastion service can establish 520 a network path between the bastion service and the relevant port (e.g., port 22) on the target resource instance, such as by routing the SSH traffic to the port on the target instance through a tunneling or other such routing process). Baer in view of Lee and Trabelsi does not explicitly disclose generating a security audit when a number of reasons resulting in denials meets a threshold. However, McGovern discloses generating a security audit when a number of reasons resulting in denials meets a threshold (McGovern: col. 16 lines 66-67 through col. 17 lines 1-8 a policy based alert may be any notification or report such as an automatically generated and transmitted message corresponding to a policy enforcement action (e.g., an email, SMS message, electronic message, instant message, a popup message, an indicator, or the like generated based on an approved, denied, partially approved, or partially denied access request), an automatically generated and transmitted message corresponding to reaching a threshold point (e.g., a threshold number of access requests, access approvals, access denials, or the like)). Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention, to combine the teachings of McGovern with the system/method of Baer, Lee and Trabelsi to include generating a security audit when a number of reasons resulting in denials meets a threshold. One would have been motivated to provide control access to data and services (McGovern: col. 3 line 33).

Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to Fahimeh Mohammadi whose telephone number is (571)270-7857. The examiner can normally be reached Monday - Friday 9:00 - 5:00. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Luu Pham, can be reached at 5712705002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/FAHIMEH MOHAMMADI/ Examiner, Art Unit 2439
/LUU T PHAM/ Supervisory Patent Examiner, Art Unit 2439
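The rejected claims, read together, describe one access-broker flow: an intermediary backend holds per-customer, per-system connectivity data with several connection types (an IP address and a URL), an authenticated user picks a system and a connection type, the backend applies entity-defined constraints (a time limit per connection type, a geographic denial, a list of valid access reasons with denied reasons logged and a security audit raised at a threshold), selects a tunnel proxy by location, and launches the matching client application. The following Python model is an added example written for this page; it is not code from the application, from SAP, or from any of the cited references. The launcher mapping (IP to an SSH client, URL to a browser), the constraint field names, the proxy-selection rule and the sample data are all assumptions made for the example.

```python
"""Illustrative model of the claimed broker flow (added example, not SAP's code).

Connectivity data maps (customer, system) -> {"region": r, conn_type: address}
using the connection types named in the claims (IP address, URL). Launcher
mapping, constraint field names, proxy rule and sample data are assumptions.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

# Assumed mapping for "automatically launching, based on the first connection
# type, a first computer application": IP -> SSH client, URL -> browser.
LAUNCHER_BY_TYPE = {"ip": "ssh-client", "url": "web-browser"}


@dataclass
class Constraints:
    """Entity-defined constraints (claims 13, 16, 17, 18); field names assumed."""
    time_limit: dict = field(default_factory=dict)    # connection type -> max duration
    denied_regions: set = field(default_factory=set)  # user regions refused outright
    valid_reasons: set = field(default_factory=set)   # reasons that are accepted
    denial_threshold: int = 3                         # audit once reason denials reach this


@dataclass
class Broker:
    """Intermediary backend: holds connectivity data, enforces constraints, picks a proxy."""
    connectivity: dict                    # (customer, system) -> {"region": r, conn_type: addr}
    constraints: dict                     # customer -> Constraints
    proxy_regions: tuple = ("eu", "us")   # regions where tunnel proxies run (assumed)
    denials: list = field(default_factory=list)   # logged (customer, user, selected reason)
    audits: list = field(default_factory=list)    # security audits generated on threshold

    def connection_types(self, customer, system):
        """The per-customer, per-system connection types a user may select."""
        return sorted(k for k in self.connectivity[(customer, system)] if k != "region")

    def pick_proxy(self, user_region, system_region):
        """Assumed rule for claim 11: prefer a proxy co-located with the target, else the user."""
        for r in (system_region, user_region):
            if r in self.proxy_regions:
                return r
        return self.proxy_regions[0]

    def _deny_reason(self, customer, user, reason, threshold):
        """Log the selected reason (claim 18) and raise an audit at the denial threshold."""
        self.denials.append((customer, user, reason))
        count = sum(1 for c, _, _ in self.denials if c == customer)
        if count >= threshold:
            self.audits.append({"customer": customer, "denials": count})
        return {"granted": False, "why": f"reason {reason!r} is not a valid reason"}

    def request(self, customer, user, system, conn_type, user_region, reason, now):
        """Decide a connection request from an already authenticated user."""
        entry = self.connectivity.get((customer, system), {})
        if conn_type == "region" or conn_type not in entry:
            return {"granted": False, "why": "unknown system or connection type"}
        c = self.constraints.get(customer, Constraints())
        if user_region in c.denied_regions:               # claim 17: geographic denial
            return {"granted": False, "why": f"region {user_region!r} is denied"}
        if c.valid_reasons and reason not in c.valid_reasons:
            return self._deny_reason(customer, user, reason, c.denial_threshold)
        ttl = c.time_limit.get(conn_type, timedelta(hours=8))   # claim 16: per-type limit
        return {
            "granted": True,
            "target": entry[conn_type],
            "launch": LAUNCHER_BY_TYPE[conn_type],
            "proxy_region": self.pick_proxy(user_region, entry["region"]),
            "expires": now + ttl,                         # time-limited grant (claims 5, 16)
        }


# Constructed sample data for this example (not from the application).
NOW = datetime(2026, 4, 19, 12, 0, tzinfo=timezone.utc)


def make_broker():
    return Broker(
        connectivity={
            ("acme", "erp-prod"): {"region": "eu", "ip": "10.20.0.5",
                                   "url": "https://erp-prod.acme.example"},
            ("acme", "hr-test"): {"region": "us", "url": "https://hr-test.acme.example"},
        },
        constraints={"acme": Constraints(
            time_limit={"ip": timedelta(hours=1)},
            denied_regions={"apac"},
            valid_reasons={"incident", "change-ticket"},
            denial_threshold=2)},
    )


def demo():
    """Four requests: one grant, one geographic denial, two reason denials (-> one audit)."""
    b = make_broker()
    out = {
        "ok": b.request("acme", "alice", "erp-prod", "ip", "eu", "incident", NOW),
        "geo": b.request("acme", "bob", "erp-prod", "url", "apac", "incident", NOW),
        "bad1": b.request("acme", "carol", "hr-test", "url", "us", "curiosity", NOW),
        "bad2": b.request("acme", "carol", "hr-test", "url", "us", "curiosity", NOW),
    }
    out["denials"], out["audits"] = len(b.denials), len(b.audits)
    return out


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The design choice worth noting is that the geographic denial returns before the reason check and is not logged as a reason denial, so only selected reasons that fail the valid-reason constraint feed the threshold that triggers an audit; whether a real system should also count geographic denials toward an alert threshold is a policy decision the claims do not settle.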

Prosecution Timeline

Sep 08, 2023
Application Filed
Aug 07, 2025
Non-Final Rejection — §103
Sep 04, 2025
Examiner Interview Summary
Sep 04, 2025
Applicant Interview (Telephonic)
Sep 15, 2025
Response Filed
Dec 05, 2025
Final Rejection — §103
Jan 20, 2026
Response after Non-Final Action
Feb 18, 2026
Request for Continued Examination
Mar 01, 2026
Response after Non-Final Action
Mar 09, 2026
Non-Final Rejection — §103 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12604186
Methods and Systems for Network Authentication Using a Unique Authentication Identifier
2y 5m to grant Granted Apr 14, 2026
Patent 12598078
NETWORK ACCESS USING HARDWARE-BASED SECURITY
2y 5m to grant Granted Apr 07, 2026
Patent 12598174
FLEET MANAGEMENT SYSTEM AND METHOD
2y 5m to grant Granted Apr 07, 2026
Patent 12568073
SECURE EXCHANGE OF CERTIFICATE AUTHORITY CERTIFICATE INLINE AS PART OF FILE TRANSFER PROTOCOL
2y 5m to grant Granted Mar 03, 2026
Patent 12562966
Transitioning Network Entities Associated With A Virtual Cloud Network Through A Series Of Phases Of A Certificate Bundle Distribution Process
2y 5m to grant Granted Feb 24, 2026
Based on the 5 most recent grants.


Prosecution Projections

3-4
Expected OA Rounds
76%
Grant Probability
99%
With Interview (+52.6%)
3y 3m
Median Time to Grant
High
PTA Risk
Based on 294 resolved cases by this examiner. Grant probability derived from career allow rate.
