DOCKET NO: 341244US91CONT
`
`IN THE UNITED STATES PATENT & TRADEMARK OFFICE
`
`IN RE APPLICATION OF
`
`DANIEL J. MENDEZ, ET AL.
`
`: EXAMINER: BURGESS, BARBARA N.
`
`SERIAL NO: 12/489,326
`
`FILED: JUNE 22, 2009
`
`: GROUP ART UNIT: 2457
`
`FOR: GLOBAL SERVER FOR
`AUTHENTICATING ACCESS TO
`REMOTE SERVICES
`
`AMENDMENT UNDER 37 C.F.R. § 1.111
`
`COMMISSIONER FOR PATENTS
`
`ALEXANDRIA, VIRGINIA 22313
`
`SIR:
`
`In response to the Office Action dated June 2, 201 I, please amend the above--
`
`identified application as follows:
`
`Amendments to the Claims are reflected in the listing of claims which begins on
`
`page 2 of this paper.
`
`Remarks/Arguments bcgin on page 1 1 of this paper.
`
`VMware Exhibit 1007 Page 1
`
`VMware Exhibit 1007 Page 1
`
`

`

`Application No. 12/489,326
`Reply to Office Action of June 2, 20! 1
`
`IN THE CLAIMS
`
`Please amend the claims as follows:
`
`1-45. (Cancelled)
`
`46. (Currently Amended) A global server for providing a user of a remote user
`
`terminal with authenticated access to a service provided by a service server via a first
`
`communications link between the global server and the remote user terminal and a second
`
`communications link between the global server and the service server, the global server being
`
`configured to provide the user of the remote user terminal with authenticated access to the
`
`service provided by the service server, the global server comprising:
`
`a communication interface configured to connect to the first communications link and
`
`to connect to the second communications link;
`
`a processor configured to
`
`authenticate the user with respect to the global server by processing first
`
`authentication information for the user, the first authentication information being
`
`received from the remote user terminal via the—eemmunieatien—interfaee—frem the first
`
`communications link, to verify the identity of the user with respect to the global
`
`server;
`
`authenticate the user with respect to the service server by retrieving second
`
`authentication information for the user and transmitting said second authentication
`
`information directly to the service server via the—eemumeatten—hnlefrem the second
`
`communications link, to verify the identity of the user with respect to the service
`
`server;
`
`VMware Exhibit 1007 Page 2
`
`VMware Exhibit 1007 Page 2
`
`

`

`Application No. 12/489,326
`Reply to Office Action of June 2, 2011
`
`conduct authenticated communications with the service server on behalf of the
`
`user, via the second communications link and using the communication interface,
`
`after the authentication of the user with respect to the service server; and
`
`provide the user of the remote user terminal with authenticated access to the
`
`service by conducting authenticated communications with the remote terminal, via the
`
`first communications link and using the communication interface, after conducting the
`
`authenticated communications with the service server on behalf of the user.
`
`47. (Previously Presented) The global server of claim 46, wherein the first
`
`authentication information and the second authentication information are different.
`
`48. (Previously Presented) The global server of claim 46, wherein the first
`
`authentication information comprises a password and a user ID.
`
`49. (Previously Presented) The global server of claim 46, wherein the processor is
`
`further configured to retrieve the second authentication information from storage on the
`
`global server, in dependence on an identity of the service server.
`
`50. (Previously Presented) The global server ofclaim 46, wherein the processor is
`
`further configured to provide authenticated access to services provided by a plurality of
`
`different service servers.
`
`51. (Previously Presented) The global server of claim 46, wherein the processor is
`
`further configured to retrieve a service address for the service server from storage on the
`
`VMware Exhibit 1007 Page 3
`
`VMware Exhibit 1007 Page 3
`
`

`

`Application No. 12/489,326
`Reply to Office Action of June 2, 2011
`
`global server, in order to provide authenticated access to the service provided by the service
`
`server.
`
`52. (Previously Presented) The global server of claim 46, wherein the processor is
`
`further configured to provide authenticated access to the service on the basis of one or more
`
`authentication levels associated with a respective service.
`
`53. (Previously Presented) The global server ofclaim 46, wherein the first
`
`communications link comprises an Internet communications channel, the user accessing said
`
`service on the remote terminal via a web browser.
`
`54. (Previously Presented) The global server of claim 53, comprising a security
`
`system configured to create the first communications link as a secure communications link
`
`for communication with the remote user terminal.
`
`55. (Previously Presented) The global server of claim 54, wherein the secure
`
`communications link is created in response to the remote user terminal using a uniform
`
`resource locator (URL) to access the global server.
`
`56. (Previously Presented) The global server of claim 46, wherein the remote user
`
`terminal is configured using a downloadable executable, the downloadable executable being
`
`configured to authenticate the user of the remote terminal with respect to the global server.
`
`57. (Previously Presented) The global server ofclaim 46, wherein the processor is
`
`further configured to access a key store to retrieve said second authentication information.
`
`VMware Exhibit 1007 Page 4
`
`VMware Exhibit 1007 Page 4
`
`

`

`Application No. 12/489,326
`Reply to Office Action ofJune 2, 201 l
`
`58. (Previously Presented) The global server of claim 46, wherein the processor is
`
`further configured to retrieve a service address of the service server, and to use said service
`
`address to set up said second communications link.
`
`59. (Previously Presented) The global server of claim 46, wherein the service server
`
`comprises a service engine for operating on workspace data, at the service server, in response
`
`to said authenticated communications conducted by the global server.
`
`60. (Previously Presented) The global server of claim 46, wherein the processor is
`
`further configured to retrieve data identifying a set of services, associated with a particular
`
`user, in order to provide authenticated access to said services.
`
`61. (Previously Presented) The global server of claim 46, wherein the processor is
`
`further configured to retrieve an authentication level needed in order to provide authenticated
`
`access to the service provided by said service server.
`
`62. (Currently Amended) The global server of claim 46, wherein the remote user
`
`terminal i_s a smartphone.
`
`63. (Previously Presented) The global server of claim 46, wherein said service is
`
`provided on a smartphone.
`
`64. (Previously Presented) The global server of claim 46, wherein the processor of
`
`the global server is configured to conduct synchronization of a workspace element with
`
`VMware Exhibit 1007 Page 5
`
`VMware Exhibit 1007 Page 5
`
`

`

`Application No. 12/489,326
`Reply to Office Action ofJune 2, 20]]
`
`respect to an independently-modifiable copy of the workspace element stored on the service
`
`server, in addition to providing access to the service provided by the service server.
`
`65. (Previously Presented) The global server of claim 46, wherein the processor is
`
`further configured to conduct the authentication of the user of the remote user terminal with
`
`respect to the service server in response to the authentication of the user of the remote user
`
`terminal with respect to the global server.
`
`66. (Previously Presented) A method of providing a user of a remote user terminal
`
`with authenticated access to a service provided by a service server via a first communications
`
`link between the global server and the remote user terminal and a second communications
`
`link between the global server and the service server, the method comprising:
`
`authenticating, at a processor of the global server, the user with respect to the global
`
`server by processing first authentication information for the user, the first authentication
`
`information being received from the remote user terminal via the first communications link,
`
`to verify the identity of the user with respect to the global server;
`
`authenticating, at the processor of the global server, the user with respect to the
`
`service server by retrieving second authentication information for the user and transmitting
`
`said second authentication information to the service server via the second communications
`
`link, to verify the identity of the user with respect to the service server;
`
`conducting, by the processor of the global server through a communication interface
`
`thereof, authenticated communications with the service server on behalf of the user, via the
`
`second communications link, after the authentication of the user with respect to the service
`
`server; and
`
`VMware Exhibit 1007 Page 6
`
`VMware Exhibit 1007 Page 6
`
`

`

`Application No. 12/489,326
`Reply to Office Action of June 2, 201 1
`
`providing, by the processor of the global server, the user of the remote user terminal
`
`with authenticated access to the service by conducting authenticated communications with
`
`the remote terminal, via the first communications link, after conducting the authenticated
`
`communications with the service server on behalf of the user.
`
`67. (Previously Presented) The method of claim 66, wherein the first authentication
`
`information and the second authentication information are different.
`
`68. (Previously Presented) The method of claim 66, wherein the first authentication
`
`information comprises a password and a user ID.
`
`69. (Previously Presented) The method of claim 66, further comprising retrieving, by
`
`the global server, the second authentication information from storage on the global server, in
`
`dependence on an identity of the service server.
`
`70. (Previously Presented) The method of claim 66, further comprising providing, by
`
`the global server, authenticated access to services provided by a plurality of different service
`
`SCTVCI‘S.
`
`71. (Previously Presented) The method of claim 66, further comprising retrieving, by
`
`the global server, a service address for the service server from storage on the global server, in
`
`order to provide authenticated access to the service provided by the service server.
`
`VMware Exhibit 1007 Page 7
`
`VMware Exhibit 1007 Page 7
`
`

`

`Application No. 12/489,326
`Reply to Office Action of June 2, 201 l
`
`72. (Previously Presented) The method of claim 66, further comprising providing, by
`
`the global server, authenticated access to the service on the basis of one or more
`
`authentication levels associated with a respective service.
`
`73. (Previously Presented) The method of claim 66, wherein the first
`
`communications link comprises an Internet communications channel, the user accessing said
`
`service on the remote terminal Via a web browser.
`
`74. (Previously Presented) The method of claim 73, further comprising creating, by
`
`the global server, the first communications link as a secure communications link for
`
`communication with the remote user terminal.
`
`75. (Previously Presented) The method of claim 74, comprising creating the secure
`
`communications link in response to the remote user terminal using a uniform resource locator
`
`(URL) to access the global server.
`
`76. (Previously Presented) The method of claim 66, further comprising configuring
`
`the remote user terminal using a downloadable executable, the downloadable executable
`
`authenticating the user of the remote terminal with respect to the global server.
`
`77. (Previously Presented) The method of claim 66, further comprising accessing, by
`
`the global server, a key store to retrieve said second authentication information.
`
`VMware Exhibit 1007 Page 8
`
`VMware Exhibit 1007 Page 8
`
`

`

`Application No. 12/489,326
`Reply to Office Action ofJune 2, 2011
`
`78. (Previously Presented) The method of claim 66, further comprising retrieving, by
`
`the global server, a service address of the service server, and using said service address to set
`
`up said second communications link.
`
`79. (Previously Presented) The method of claim 66, further comprising operating, by
`
`the global server, on workspace data, at the service server, in response to said authenticated
`
`communications conducted by the global server.
`
`80. (Previously Presented) The method of claim 66, further comprising retrieving, by
`
`the global server, data identifying a set of services, associated with a particular user, in order
`
`to provide authenticated access to said services.
`
`81. (Previously Presented) The method of claim 66, further comprising retrieving, by
`
`the global server, an authentication level needed in order to provide authenticated access to
`
`the service provided by said service server.
`
`82. (Currently Amended) The method of claim 66, wherein the remote user terminal
`
`i_s a smartphone.
`
`83. (Previously Presented) The method of claim 66, wherein said service is provided
`
`on a smartphone.
`
`84. (Previously Presented) The method of claim 66, further comprising conducting,
`
`by the global server, synchronization of a workspace element with respect to an
`
`VMware Exhibit 1007 Page 9
`
`VMware Exhibit 1007 Page 9
`
`

`

`Application No. 12/489,326
`Reply to Office Action of June 2, 2011
`
`independently-modifiable copy of the workspace element stored on the service server, in
`
`addition to providing access to the service provided by the service server.
`
`85. (Previously Presented) The method of claim 66, further comprising conducting,
`
`by the global server, the authentication of the user of the remote user terminal with respect to
`
`the service server in response to the authentication of the user of the remote user terminal
`
`with respect to the global server.
`
`10
`
`VMware Exhibit 1007 Page 10
`
`VMware Exhibit 1007 Page 10
`
`

`

`Application No. 12/489,326
`Reply to Office Action of June 2, 201 1
`
`REMARKS
`
`Favorable reconsideration of this application, in view of the present amendment and
`
`in light of the following discussion, is respectfully requested.
`
`Claims 46-85 are pending. Claims 46, 62 and 82 are amended to address potential
`
`informalities and for clarity. No new matter is introduced.
`
`In the outstanding Office Action, Claims 46-85 were rejected under 35 U.S.C.
`
`§ 102(e) as being unpatentable over Mashayekhi (US. Patent No. 5,818,936).
`
`Claim 46 is amended to recite a global server for providing a user of a remote user
`
`terminal with authenticated access to a service provided by a service server via a first
`
`communication link between the global server and the remote user terminal and a second
`
`communication link between the global server and the service server. Amended Claim 46
`
`further recites that the global server includes a processor configured to:
`
`conduct authenticated communications with the service server
`
`on behalf of the user, via the second communications link and
`using the communication interface, after the authentication of
`the user with respect to the service server; and
`
`provide the user of the remote user terminal with authenticated
`access to the service by conducting authenticated
`communications with the remote terminal, via the first
`communications link and using the communication interface,
`after conducting the authenticated communications with the
`service server on behalf of the user.
`
`Thus, amended Claim 46 defines that the global server conducts authenticated
`
`communication with the service server on behalf of the user via a second communication link
`
`and provides the user of the remote user terminal with authenticated access to the service
`
`through authenticated communication with the remote terminal via the first communication
`
`link. In other words, amended Claim 46 defines that communication between the remote user
`
`terminal and the service server is conducted through the global server via the first and second
`
`communication links. The cited reference does not disclose or suggest these features.
`
`11
`
`VMware Exhibit 1007 Page 11
`
`VMware Exhibit 1007 Page 11
`
`

`

`Application No. 12/489,326
`Reply to Office Action of June 2, 201 l
`
`Mashayekhi describes a distributed authentication service to automate authentication
`
`exchange between a workstation (210) and an application resident on the workstation (210)
`
`or a server node (202).1 In operation, Mashayekhi describes that an exchange controller
`
`(207) verifies that a user has successfully logged-on to the network and has been
`
`authenticated by a directory service (DS) and then accesses a database API (206) to retrieve
`
`an application “secret” corresponding to an application that the user wishes to access.2 The
`
`workstation may then forward the application secret to the particular application program in
`
`order to gain access.3 Mashayekhi also describes that users log on to the network (100)
`
`through a directory service (DS) in order to gain access to the network.4
`
`However, Mashayekhi does not describe that the workstation (210) communicates
`
`with a server node that hosts the desired application via the controller (207) and the directory
`
`service (DS). Instead, Mashayekhi merely describes that the directory services (DS) and the
`
`controller (207) authenticate the workstation (210) and provide the workstation with a
`
`“secret” corresponding to the desired application.5 Then, the workstation, not the directory
`
`service (DS) or the controller (207), provides this “secret” to the server node (202).6 In other
`
`words, Mashayekm describes that the directory services (DS) and controller (207) only
`
`communicate with the workstation (210) in order to authenticate the workstation instead of
`
`providing a communication path between the workstation (210) and the server node (202). In
`
`fact, Figure 2 ofMashayekhi clearly illustrates that the workstation (210) is directly
`
`connected to the server node (202) via the network (100) and therefore can directly
`
`communicate with the server node (202) without requiring that the directory services (DS)
`
`and/or the controller (207) to take part in the communication. Conversely, amended Claim
`
`‘ Mashayekhi at column 5, line 57 - column 6, line 2; see also Figure 2,
`3
`Z Mashayekhi at column 6, line 60 — column 7, line 9.
`Q
`4 Mashavekhi at column 5, lines 13-43.
`6
`5 Mashayekhi at column 6, line 60 - column 7, line 9.
`Id.
`
`12
`
`VMware Exhibit 1007 Page 12
`
`VMware Exhibit 1007 Page 12
`
`

`

`Application No. 12/489,326
`Reply to Office Action of June 2, 201 l
`
`46 describes that the global server includes a processor that conducts authenticated
`
`communication with the service server on behalfof the user, Via the second communication
`
`link, and also provides the user of the remote user terminal with authenticated access to the
`
`service by conducting authenticated communication with the remote terminal via the first
`
`communication link. Therefore, Mashayekhi fails to disclose the claimed processor and thus
`
`does not disclose every feature recited in amended Claim 46. Accordingly, amended Claim
`
`46 and the claims depending therefrom are believed to be in condition for allowance.
`
`Claim 66 recites features substantially similar to those recited in amended Claim 46
`
`and is therefore believed to be in condition for allowance, together with any claim depending
`
`therefrom, for substantially similar reasons. Accordingly, it is respectfully requested that the
`
`rejection of Claim 46-85 under 35 U.S.C. § 102(e) be withdrawn.
`
`For the reasons discussed above, no further issues are believed o be outstanding in the
`
`present application, and the present application is believed to be in condition for formal
`
`allowance. Therefore, a Notice of Allowance for Claims 46-85 is earnestly solicited.
`
`Respectfully submitted,
`
`OBLON, SPIVAK, McCLELLAND,
`MAIER & NEUSTADT, L.L.P.
`
`
`
`Attorney of ecord
`Registrati
`I] No. 42,866
`
`.
`Aldo Mamnez
`Registration No. 61,357
`
`Customer Number
`22850
`
`Tel: (703) 413—3000
`Fax: (703) 413 —2220
`(OSMMN 08/09)
`
`13
`
`VMware Exhibit 1007 Page 13
`
`VMware Exhibit 1007 Page 13
`
`