Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.
Claim(s) 1-6, 8-13, 15-17, 19-20 is/are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Pampati et al. (US 2024/0422198) hereafter Pampati.
1. Pampati discloses a method comprising:
processing a request for an application to access a remote secure resource via a secure network connection, wherein the request comprises at least an application identifier assigned by a security device (para 69, client connector sends the full context of the application once through a Datagram Transport Layer Security (DTLS) tunnel 804 with reserved packet headers, and calculates a unique hash that represents the application ID. It is an important optimization to send the full information only once not to overload the network connection);
maintaining an application inventory for an endpoint device, the application inventory having a list of applications installed on the endpoint device with corresponding application identifiers (para 69, client connector 400 continuously receives updates associated with an application catalog 802. The application catalog 802 includes a directory of applications and their associated identity information. The application catalog 802 is built dynamically by crowdsourcing known applications through digital experience monitoring services described herein);
synchronizing the application inventory with at least one remote device (para 69, client connector 400 continuously receives updates associated with an application catalog 802);
opening a network connection to allow the application to access the remote secure resource, wherein the network connection is limited to use by the application as determined at least by the application identifier corresponding to the application and other applications with different corresponding application identifiers are excluded from the network connection (para 55-57, 65-70, follow specific forwarding policies such as to ensure productivity and stop data loss and lateral movement. In order to ensure productivity, latency sensitive applications can be sent direct 806, while Virtual Private Network (VPN) traffic is excluded from the DTLS tunnel 804. To stop data loss and lateral movement, various users shall be granted access dependent on such policies. For example, developers can have access to internal repos via private access systems 808);
receiving a verification of establishment of the network connection to allow access to the remote secure resource (para 69-72, specific forwarding policies … traffic is dropped [communication is a verification]; see further para 55-57); and
transmitting application data from the application over the network connection to access the remote secure resource (para 69-72).
2. Pampati discloses the method of claim 1 wherein the secure network connection comprises a zero-trust network access (ZTNA) connection (para 55-57, 69-72).
3. Pampati discloses the method of claim 2, wherein separate ZTNA tunnels are opened for applications in the application inventory (para 55-57, 69-72).
4. Pampati discloses the method of claim 1 further comprising synchronizing verification information including an application identifier between a group of security components coupled with the network (para 55-57, 69-72).
5. Pampati discloses the method of claim 4, wherein the security components comprise at least a client device having a security agent and a gateway device coupled via the network (figs. 5, 8 and corresponding text).
6. Pampati discloses the method of claim 1, wherein the network connection comprises a zero-trust network access (ZTNA) network connection (para 55-57, 69-72).
Claims 8-13, 15-17, 19-20 are similar in scope to claims 1-6 and are rejected under similar rationale.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claim(s) 7, 14, 18 is/are rejected under 35 U.S.C. 103 as being unpatentable over Pampati as applied to claim 6, 13, 17 above, and further in view of RFC9146: Connection Identifier for DTLS 1.2 hereafter RFC.
7. Pampati discloses the method of claim 6, and further discloses using DTLS (para 69) but does not explicitly disclose wherein the application identifier is included in at least one packet header of traffic over the ZTNA network connection. However, in an analogous art, RFC discloses a connection ID that allows for a variable length identifier to be added to the record header, further allowing connections to persist (Introduction).
Claims 14 and 18 are similar in scope to claim 7 and are rejected under similar rationale.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JAMES R TURCHEN whose telephone number is (571)270-1378. The examiner can normally be reached Monday-Friday: 7-3.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached at 571-270-5002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/JAMES R TURCHEN/ Primary Examiner, Art Unit 2439