POLICY-BASED REMOTE ACCESS SYSTEM WITH PERIODIC AUTHENTICATION

§101 §103 §DP

20Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . DETAILED ACTION Claims 2-21 are presented for examination. Claim 1 is cancelled. Claim Rejections - 35 USC § 101 35 U.S.C. 101 reads as follows: Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title. 3. Claims 2-8 are rejected under 35 U.S.C. 101 because the claim invention is directed to non-statutory subject matter. These are “system” claims without showing any tangible or hardware elements in the body of the claims. Therefore, it is evidentiary that these “system” claims do not comprises any tangible components or hardware elements. For example, “a client device” is just software module, not any hardware or tangible module. Hence, the “system” is reasonably interpreted by one of ordinary skill as just software, it is a system of software, per se. The function of the system is just software not any hardware. Warmerdam, 33 F.3d at 1361, 31 USPQ2d at 1760 (claim to a data structure per se held nonstatutory). Such claimed data structures do not define any structural and functional interrelationships between the data structure and other claimed aspects of the invention which permit the data structure’s functionality to be realized. Similarly, computer programs module claimed as computer instructions per se, i.e., the descriptions or expressions of the programs, are not physical “things.” They are neither computer components nor statutory processes, as they are not “acts” being performed. Such claimed computer programs modules do not define any structural and functional interrelationships between the computer program and other claimed elements of a computer which permit the computer program’s functionality to be realized. Accordingly, it is important to distinguish claims that define descriptive material per se from claims that define statutory inventions. So, it does not appear that a claim reciting software module with functional descriptive material falls within any of the categories of patentable subject matter set forth in § 101. 3. Claims 16-21 are rejected under 35 U.S.C. 101 because the claim invention is directed to non-statutory subject matter. These are “system” claims without showing any tangible or hardware elements in the body of the claims. Therefore, it is evidentiary that these “system” claims do not comprises any tangible components or hardware elements. For example, “a plurality of servers” and “the first policy component” are just software module, not any hardware or tangible module. Hence, the “system” is reasonably interpreted by one of ordinary skill as just software, it is a system of software, per se. The function of the system is just software not any hardware. Warmerdam, 33 F.3d at 1361, 31 USPQ2d at 1760 (claim to a data structure per se held nonstatutory). Such claimed data structures do not define any structural and functional interrelationships between the data structure and other claimed aspects of the invention which permit the data structure’s functionality to be realized. Similarly, computer programs module claimed as computer instructions per se, i.e., the descriptions or expressions of the programs, are not physical “things.” They are neither computer components nor statutory processes, as they are not “acts” being performed. Such claimed computer programs modules do not define any structural and functional interrelationships between the computer program and other claimed elements of a computer which permit the computer program’s functionality to be realized. Accordingly, it is important to distinguish claims that define descriptive material per se from claims that define statutory inventions. So, it does not appear that a claim reciting software module with functional descriptive material falls within any of the categories of patentable subject matter set forth in § 101. Double Patenting The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the claims at issue are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); and In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969). A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on a nonstatutory double patenting ground provided the reference application or patent either is shown to be commonly owned with this application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP §§ 706.02(l)(1) - 706.02(l)(3) for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/forms/. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to http://www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp. Claims 2-21 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-18 of U.S. Patent No. 11,019,106. Although the claims at issue are not identical, they are not patentably distinct from each other. Claims 2-21 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-18 of U.S. Patent No. 11,722,531. Although the claims at issue are not identical, they are not patentably distinct from each other. Claims 2-21 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-20 of U.S. Patent No. 12,132,765. Although the claims at issue are not identical, they are not patentably distinct from each other. “A later patent claim is not patentably distinct from an earlier patent claim if the later claim is obvious over, or anticipated by, the earlier claim. In re Longi, 759 F.2d at 896, 225 USPQ at 651 (affirming a holding of obviousness-type double patenting because the claims at issue were obvious over claims in four prior art patents); In re Berg, 140 F.3d at 1437, 46 USPQ2d at 1233 (Fed. Cir. 1998) (affirming a holding of obviousness-type double patenting where a patent application claim to a genus is anticipated by a patent claim to a species within that genus). “ELI LILLY AND COMPANY v BARR LABORATORIES, INC., United States Court of Appeals for the Federal Circuit, ON PETITION FOR REHEARING EN BANC (DECIDED: May 30, 2001). Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. 4. Claims 2-21 are rejected under 35 U.S.C. 103 as being unpatentable over Ozkan (US pat. App. Pub. 20180367609) and in view of Lefebvre et al hereafter Lefebvre (US pat. App. Pub. 20200311241) and in further view of Shaliv et al hereafter Shaliv (US pat. App. Pub. 20140006785). 5. As per claim 2, Ozkan discloses a remote access system for policy-controlled computing with a client device of a plurality of client devices connected to a remote software environment, the remote access system comprising: the client device that includes a local application configured to execute on the client device, the local application comprising: a first policy component with a first plurality of policies (paragraphs: 29, and 33, wherein it emphasizes a local application that runs in a customer device connects to the remote software component wherein the local application comprising a policy database with configurations and policies), wherein: the first plurality of policies specify restrictions for the local application, the first plurality of policies changes based on a change in a time duration of connection of the client device to a Virtual Private Network (VPN) connection, and the VPN connection is associated with a location of the client device (paragraphs: 11, 32, and 37, wherein it elaborates that the application configuration controls connection with the remote network and change of policies based on the variation of time duration between customer device and the VPN connection. Cloud gateway which is associated with the customer's home location that enables the customer to select the VPN connection), a client endpoint coupled to a digitally segregated tunnel; a mid-link server, coupled to the digitally segregated tunnel, the mid-link server comprising: a mid-link endpoint that terminates the digitally segregated tunnel, and a second policy component, wherein the second policy component uses a second plurality of policies with the remote software environment (Fig. 2, and paragraphs: 34-36, and 38 wherein it deliberates that customer endpoint associated with a separated connection and SD cloud gateway (mid-link server) associated with the separated connection and that ends with CSP-API (mid-link endpoint). SD gateway comprises with the network policies define the bandwidth capacities to be allocated on each of the connections and the gateway controls the traffic flow rules based on utilization, performance, time of day, originating user). Ozkan does not expressly disclose an authentication function configured to perform periodic authentication of the client device for continued authorization to access a remote instance associated with the remote software environment; and a mirror function that emulates sensor input from the client device as if it is happening inside the remote software environment. However, in the same field of endeavor, Lefebvre discloses an authentication function configured to perform authentication of the client device for authorization to access a remote instance associated with the remote software environment (paragraphs: 23, 33, and 108); and a mirror function that emulates sensor input from the client device as if it is happening inside the remote software environment (paragraphs: 38, 42, and 70). Accordingly, it would been obvious to one of ordinary skill in the network security art before the effective filing date of the claimed invention to have incorporated Lefebvre’s teachings of an authentication function configured to perform authentication of the client device for authorization to access a remote instance associated with the remote software environment and a mirror function that emulates sensor input from the client device as if it is happening inside the remote software environment with the teachings of Ozkan, for the purpose of effectively protecting the VPN connection with the local device from any unauthorized intruders. Ozkan in view of Lefebvre does not discloses an authentication function configured to perform periodic authentication of the client device for continued authorization to access a remote instance. However, in the same field of endeavor, Shaliv discloses an authentication function configured to perform periodic authentication of the client device for continued authorization to access a remote instance (paragraphs: 13-14). Accordingly, it would been obvious to one of ordinary skill in the network security art before the effective filing date of the claimed invention to have incorporated Shaliv’s teachings of an authentication function configured to perform periodic authentication of the client device for continued authorization to access a remote instance with the teachings of Ozkan-Lefebvre, for the purpose of effectively maintaining a secure authentic connection between the user device and the remote environment. 6. As per claim 3, Ozkan in view of Lefebvre and in further view of Shaliv discloses the remote access system for policy-controlled computing with the client device connected to the remote software environment, wherein the first plurality of policies changes based on changes in conditions associated with the client device (Ozkan: paragraphs: 35, and 37, wherein it discusses that the configurations between client device and remote environment changes based on pushed policies and time interval). 7. As per claim 4, Ozkan in view of Lefebvre and in further view of Shaliv discloses the remote access system for policy-controlled computing with the client device connected to the remote software environment of claim 3, wherein the conditions include the location of the client device, and/or a working profile associated with the client device (Ozkan: paragraphs: 11, and 32, wherein it describes that policy rules for the connection between client device and remote computing is included the location of the client device in the network). 8. As per claim 5, Ozkan in view of Lefebvre and in further view of Shaliv discloses the remote access system for policy-controlled computing with the client device connected to the remote software environment of claim 4, wherein the restrictions for the local application is based on the conditions (Ozkan: paragraphs: 36-37, wherein it discusses that policy for the connection between the client device and the remote computing system based on pluralities of terms and conditions). 9. As per claim 6, Ozkan in view of Lefebvre and in further view of Shaliv discloses the remote access system for policy-controlled computing with the client device connected to the remote software environment, further comprises a security utility that maintains security for the remote software environment by using the second plurality of policies, wherein the second plurality of policies specifies security for use of the remote instance associated with the remote software environment (Ozkan: paragraphs: 10, and 29). 10. As per claim 7, Ozkan in view of Lefebvre and in further view of Shaliv discloses the remote access system for policy-controlled computing with the client device connected to the remote software environment, wherein the second plurality of policies include keys, protocols, quality of service, or authentication requirements for the client device (Ozkan: paragraphs: 31, and 34). 11. As per claim 8, Ozkan in view of Lefebvre and in further view of Shaliv discloses the remote access system for policy-controlled computing with the client device connected to the remote software environment, wherein the second plurality of policies are updated for each client device, and corresponding enterprise, a country, and a present location of each of the client device of the plurality of client devices (Ozkan: paragraphs: 35-38). 12. As per claim 9, and 16, Ozkan discloses a method, and remote access system for policy-controlled computing with a client device connected to a remote software environment, the method comprising: enforcing restrictions for a local application executed on the client device (paragraphs: 29, and 33, wherein it emphasizes a local application that runs in a customer device connects to the remote software component wherein the local application comprising a policy database with configurations and policies), the local application with a first policy component having a first plurality of policies, wherein: the first policy component is part of the local application configured to execute on the client device of a plurality of client devices, the first plurality of policies changes based on a change in a time duration of connection of the client device to a Virtual Private Network (VPN) connection, and the VPN connection is associated with a location of the client device (paragraphs: 11, 32, and 37, wherein it elaborates that the application configuration controls connection with the remote network and change of policies based on the variation of time duration between customer device and the VPN connection. Cloud gateway which is associated with the customer's home location that enables the customer to select the VPN connection); provisioning a digitally segregated tunnel between a client endpoint and a mid-link endpoint of a mid-link server; provisioning on the mid-link server an operating system and a plurality of applications running on the operating system that collectively are port of the remote software environment; enforcing restrictions on the remote software environment with a second policy component using a second plurality of policies (Fig. 2, and paragraphs: 34-36, and 38 wherein it deliberates that customer endpoint associated with a separated connection and SD cloud gateway (mid-link server) associated with the separated connection and that ends with CSP-API (mid-link endpoint). SD gateway comprises with the network policies define the bandwidth capacities to be allocated on each of the connections and the gateway controls the traffic flow rules based on utilization, performance, time of day, originating user). Ozkan does not expressly disclose performing periodic authentication of the client device by an authentication function for continued authorization to access a remote instance associated with the remote software environment; and emulating sensor input from the client device as if it is happening inside the remote software environment using a mirror function. However, in the same field of endeavor, Lefebvre discloses performing authentication of the client device by an authentication function for authorization to access a remote instance associated with the remote software environment (paragraphs: 23, 33, and 108); and emulating sensor input from the client device as if it is happening inside the remote software environment using a mirror function (paragraphs: 38, 42, and 70). Accordingly, it would been obvious to one of ordinary skill in the network security art before the effective filing date of the claimed invention to have incorporated Lefebvre’s teachings of performing periodic authentication of the client device by an authentication function for continued authorization to access a remote instance associated with the remote software environment and emulating sensor input from the client device as if it is happening inside the remote software environment using a mirror function with the teachings of Ozkan, for the purpose of effectively protecting the VPN connection with the local device from any unauthorized intruders. Ozkan in view of Lefebvre does not discloses performing periodic authentication of the client device by an authentication function for continued authorization to access a remote instance associated with the remote software environment. However, in the same field of endeavor, Shaliv discloses performing periodic authentication of the client device by an authentication function for continued authorization to access a remote instance associated with the remote software environment (paragraphs: 13-14). Accordingly, it would been obvious to one of ordinary skill in the network security art before the effective filing date of the claimed invention to have incorporated Shaliv’s teachings of performing periodic authentication of the client device by an authentication function for continued authorization to access a remote instance associated with the remote software environment with the teachings of Ozkan-Lefebvre, for the purpose of effectively maintaining a secure authentic connection between the user device and the remote environment. 14. As per claim 12, and 19, Ozkan in view of Lefebvre and in further view of Shaliv discloses the method and the system for policy-controlled computing with the client device connected to the remote software environment, wherein content sites have certain features disabled, filtered or modified by the mid-link server such that the client device behaves than if it were to directly connect to a content site (Ozkan: paragraphs: 29-31). 115. Claims 10-11, 13-15, 17-18, and 21 are listed all the same elements of claims 3-4, and 6-8. Therefore, the supporting rationales of the rejection to claims 3-4, and 6-8 apply equally as well to claims 10-11, 13-15, 17-18, and 21. 16. As per claim 20, Ozkan in view of Lefebvre and in further view of Shaliv discloses the remote access system for policy-controlled computing with the client device connected to the remote software environment, wherein the second plurality of policies specify security before use of the remote instance of the remote software environment for continued use of remote instances, and prior to loading of applications of remote instances (Ozkan, paragraphs: 35-36). Citation of References 17. The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. The following references are cited but not been replied upon for this office action: Shribman et al (US pat. app. Pub. 20200220746): discusses fetching a content from a web server to a client device is disclosed, using tunnel devices serving as intermediate devices. The tunnel device is selected based on an attribute, such as IP Geolocation. A tunnel bank server stores a list of available tunnels that may be used, associated with values of various attribute types. The tunnel devices initiate communication with the tunnel bank server, and stays connected to it, for allowing a communication session initiated by the tunnel bank server. Upon receiving a request from a client to a content and for specific attribute types. Zhao et al (US pat. App. Pub. 20190132291): elaborates that VPN tunnel policy is defined on a per-application basis. The VPN tunnel policy may specify that a particular application is permitted to transmit data on a specific VPN tunnel. Subsequently, the specified application is delivered to one or more virtual machines and an application tunnel manager creates a new virtual network interface card (NIC) on the VM, corresponding to the delivered application. The newly created virtual NIC is attached to a specified subnet. The subnet may be a VPN transition network with a connection to a VPN gateway device. The subnet may have been previously defined or generated at the time of assigning the application to the VPN tunnel. Conclusion 18. Any inquiry concerning this communication or earlier communications from the examiner should be directed to MOHAMMAD W REZA whose telephone number is (571)272-6590. The examiner can normally be reached on Monday-Friday 8:30-5:30 ET. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Cathy Thiaw can be reached on 571-270-1138. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). /MOHAMMAD W REZA/Primary Examiner, Art Unit 2407