Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claim 6 is rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.

Claim 6 recites, “centralized user identification component is hosted by one of the servers of the computer network, in particular the login security server” and claim 6 depends from claim 1 which shows the central user identification component as an intermediary between the application server and the login security server.  More specifically, claim 1 states “said computer network further comprising a centralized user identification component adapted to interface with the at least one application server and the login security server” and “transmitting said identification data and the list of at least one requested applications to the login security server”.  The centralized user identification component could not be located at the login server since it transmit the identification data to the login security server because functions as an intermediary when viewing it in context of claim 1, from which it depends upon.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claim 14 is rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter.  The claim(s) does/do not fall within at least one of the four categories of patent eligible subject matter.
As per claim 14, “the broadest reasonable interpretation of "computer readable medium" is directed to both transitory and non-statutory subject matter such as signals and carrier waves. 
Examiner suggest an amendment "non-transitory computer readable medium " Thisamendment would not be considered new matter. 
See MPEP 2106, "See, e.g., In re Nuitjen, Docket no. 2006-1371 (Fed. Cir. Sept.20, 2007)(slip. op. at 18)("A transitory, propagating signal like Nuitjen's is not a 'process,machine, manufacture, or composition of matter.'. Thus, such a signal cannot bepatentable subject matter.")." 
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which 

Claims 1-4, 6 and 13-15 are rejected under 35 U.S.C. 103 as being unpatentable over Mitevski (US 2017/0134385) in view of Obaidi (US 2019/0377853)

As per claim 1, Mitevski discloses a computer network adapted to provide secured access to applications for a user, said computer network comprising:
at least one application server hosting a plurality of applications, said at least one application server being adapted to receive an access request emitted by the user and to grant access to at least one of the plurality of applications; ([0107] At operation 812, client 804, transmits a request for data to the web application 806 on server 102. The request may include a cookie which was previously obtained for the session and stored in the client. The request would indicate the data requested.)
a login security server configured for deciding access for the user based on data contained in a central generic access control file and in the access request; ( [0111] In some other example embodiments, in addition to or in place of checking the locally maintained table, at operation 820, the external server transmits a request to core services 808 requesting for confirmation of the request for data. [0112] At operation 822, the core services application 808 checks the session table and/or other data structure to determine if the data request is authorized. Fig. 8: item 808)
said computer network further comprising a centralized user identification component adapted to interface with the at least one application server and the login security server, said at least one application server being configured to transmit the access request to the centralized user identification component, ([0110] At operation 818, the external server 810 receives the request. In some embodiments, the processing at operation 818 may include checking a locally 
and said centralized user identification component is configured for: receiving the transmitted access request; ([0110] At operation 818, the external server 810 receives the request.)
transmitting said identification data and the list of at least one requested applications to the login security server; [0111] In some other example embodiments, in addition to or in place of checking the locally maintained table, at operation 820, the external server transmits a request to core services 808 requesting for confirmation of the request for data. ; Fig. 8: item 810)
retrieving from the login security server an access grant or denial command for each of the at least one requested application; and ([0112] At operation 822, the core services application 808 checks the session table and/or other data structure to determine if the data request is authorized. [0113] At operation 824, a status is reported to the external server.)
sending said access grant or denial command to the at least one application server. ([0115] At operation 828, a response is transmitted to the web application 806 based upon whether the data is to be provided to the client or not. The response may either include the requested data or include a failure notice.)

Obaidi discloses said access request comprising a list of at least one requested application ([0062] At block 410, the authentication platform 102 may receive a request from an application to authenticate a particular user. In various embodiments, the application may be a standalone application on a user device, a web application that is accessible via a web interface, a client application that accesses an online service, and/or so forth. The application may initiate the adaptive authentication when the user is requesting access to a resource or when the user is accessing the resource.)and 
displaying a central login panel to the user, said central login panel being adapted according to the at least one requested application; receiving identification data of the user from the central login panel.  (0063] At block 412, the authentication platform 102 may generate an authentication question and a correct answer for the question based on a detail of an event that deviates from the baseline behavior pattern. The authentication question and the correct answer may be generated as an authentication combination that is identified by a user identifier of the user.  0064]; At block 416, the authentication platform 102 may receive an inputted answer from the application.)
Before the effective filing date, it would have been obvious for the request to include the application and for the centralized server to be modified to request and receive additional identification of user information at the central which related to a behavior pattern of the user at the centralized server.  The motivation would have been to further secure the application by preventing unauthorized access to the application. 


 at least part of said static non transactional data being displayed to the user by the central login panel, upon display of the central login panel. ((0063] At block 412, the authentication platform 102 may generate an authentication question and a correct answer for the question based on a detail of an event that deviates from the baseline behavior pattern. The authentication question and the correct answer may be generated as an authentication combination that is identified by a user identifier of the user.  0064]; At block 416, the authentication platform 102 may receive an inputted answer from the application.)

As per claim 3,  Mitevski / Obaidi disclose the computer network according to claim 2, wherein the static non transactional data are distributed to the cache memory by means of a Content Delivery Network architecture, ([0023]; various embodiments, each user device may send the data via a communication link provided by the wireless carrier network 104, or a communication link that is provided by an alternative network in the form of a local area network (LAN), a larger network such as a wide area network (WAN), or a collection of networks, such as the Internet.)

As per claim 4, Mitevski / Obaidi disclose the computer network according to claim 2.  Obaidi discloses wherein said non transactional data are selected by the centralized user identification component based on a user current location ([0022];For example, the collection application 114 may periodically send a geolocation of the user device to the authentication platform 102. In turn, the authentication platform 102 may use a database of privacy rules and regulations to determine the types of user behavior data that the wireless carrier network 104 is 
and said at least one requested application. ([0062]; At operation 406, the native app on client device 104b communicates with the web application on the server device by transmitting HTTP requests and receiving JSON formatted data. As noted above, server-side checks on the validity of the session are made before requested data is sent to the requesting native app.)

As per claim 6, Mitevski / Obaidi disclose the computer network according to claim 1.  Obaidi discloses wherein the centralized user identification component is hosted by one of the servers of the computer network, in particular the login security server. ([0062]; The application may initiate the request by calling an API of the authentication platform 102 with the request to authenticate the particular user, in which the request includes a user identifier of the user. For example, the API may be an operating system API, a remote API, or a web API.)

	As per claims 13-15, please see the discussion under claim 1 as similar logic applies.
 
Claim 5 is rejected under 35 U.S.C. 103 as being unpatentable over Mitevski (US 2017/0134385) / Obaidi (US 2019/0377853) further in view of Satpathy et al. – hereinafter Satpathy (US 9,219,720)

As per claim 5, Mitevski / Obaidi disclose the computer network according to claim 1.  Obaidi fails to disclose discloses wherein the central login panel is hosted in a server located close to the user, such as the server being located in the same country as the user. 
Satpathy discloses wherein the central login panel is hosted in a server located close to the user, such as the server being located in the same country as the user. (Col 5 line 50 – Col 6 line 3; For example, verifying the user's identity may require checking the IP address and 
Before the effective filing date, it would have been obvious for the central login panel to be located in the same country as the user.  The motivation would have been to reduce the risk of an unauthorized user.  The motivation would have been to further secure the application by preventing unauthorized access to the application. 

	Claim 12 is rejected under 35 U.S.C. 103 as being unpatentable over Mitevski (US 2017/0134385) / Obaidi (US 2019/0377853) further in view of Wu et al. – hereinafter Wu (US 2014/0101742)

	As per claim 12, Mitevski / Obaidi disclose the computer network according to claim 1.  Mitevski fails to disclose wherein the centralized user identification component is implemented with a light HTML / JQuery framework using cross-origin resource sharing technology as a communication language.  Wu discloses wherein the centralized user identification component is implemented with a light HTML / JQuery framework using cross-origin resource sharing technology as a communication language.  ([0079] In some embodiments, a front end script technology of JavaScript, jQuery, FLASH, etc., can be applied on a webpage to encrypt the authentication certificate of the diagram pattern that is inputted by a user before the authentication certificate is sent to the server terminal)
	Before the effective filing date, it would have been obvious for the centralized user identification component to be implemented with a jQuery to perform encryption.  The motivation would have been to use an easier scripting language to implement security protocols.



Allowable Subject Matter
Claims 7-11 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

Conclusion
The prior art made of record and not relied upon is considered pertinent toapplicant's disclosure.  
Marcovecchio et al. – (US 2019/0057204) - Methods and devices for accessing protected applications.
Edelman (US 2008/0276309) - System and Method for Securing Software Applications.
Copsey (US 2015/0020214) – System and method for access control using network verification. 
Any inquiry concerning this communication or earlier communications from theexaminer should be directed to Chirag R Patel whose telephone number is (571)272-7966. The examiner can normally be reached on Monday to Friday from 8:00AM to 4:30PM. If attempts to reach the examiner by telephone are unsuccessful, theexaminer's supervisor, Glenton Burgess, can be reached on 571-272-3949. The fax phone number for the organization where this application or proceedingis assigned is 571-273-8300. 
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status informationfor published applications may be obtained from either Private PAIR or PublicPAIR. Status information for unpublished applications is available throughPrivate PAIR only. For more information about the PAIR system, see

/Chirag R Patel/
Primary Examiner, Art Unit 2454