Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION
This action is in response to an application filed March 29, 2019. Claims 1-20 are pending in this application.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Borzycki et al. (US 8,613,070 B1), in view of Curtis et al. (US 2007/0277228 A1).

With respect to claim 1, Borzycki discloses a system, comprising:
a computing device comprising at least one processor and at least one memory (Col. 3, lines 48-55); and
machine-readable instructions stored in the at least one memory that, when executed by the at least one processor (Col. 3, lines 48-55), cause the computing device to at least:

receive a single sign-on (SSO) token (Col. 3, lines 41-45 and Col. 22, lines 39-45, SSO credential for allowing access to enterprise resources), the SSO token representing a user account authenticated with an identity manager (Col. 3, lines 41-45 and Col. 22, lines 39-45, SSO credential for allowing access to enterprise resources);
identify authentication data for the network service based on the SSO token (Col. 20, lines 43-50, SSO provides single set of credentials to gain access to enterprise resources);
append an authentication header to the service request (Col. 73, lines 52-61, attaching an authorization header to a request), the authentication header comprising: a service credential for authentication with the network service, or instructions to retrieve the service credential from a server external to local computing environment of the computing device (Col. 73, lines 58-61 and Col. 21, lines 23-29, header includes certificates for services); 
Borzycki does not explicitly disclose causing the computing device to:
determine, based on the authentication data, a hosting location of a connector for the network service;
transmit, to the connector, the service request comprising the authentication header;



determine, based on the authentication data, a hosting location of a connector for the network service (Abstract, [0010]. And [0014], authentication request is addressed to network gateway (also known as access control device working as a connector) to identify target resource using URL of resource);
transmit, to the connector, the service request comprising the authentication header ([0014], authentication request including header is sent via intermediary to the network access control device);
Therefore, it would have been obvious to one of ordinary skill in the art, at the time the invention was filed, to combine the teachings of Borzycki with the teachings of Curtis and determine a hosting location of a connector for a network service, in order to allow an intermediary perform authentication access to network resources requested by a client and prevent snooping or thief of the client’s credentials.
With respect to claim 2, the combination of Borzycki and Curtis discloses the system of claim 1, wherein Borzycki discloses the instructions, when executed by the at least one processor, cause the computing device to at least:
include, in the authentication header, the instructions to retrieve the service credential from server external to the local computing environment (Col. 73, lines 58-61 and Col. 21, lines 23-29); and 
Curtis further discloses determining that the hosting location of the connector is external to a local computing environment of the computing device (Figure 1 and [0010], gateway is outside of network access control device).
With respect to claim 3, the combination of Borzycki and Curtis discloses the system of claim 2, wherein Curtis further discloses the instructions to retrieve the service credential comprise a network address for the server (Abstract, [0010], and [0014]).
With respect to claim 4, the combination of Borzycki and Curtis discloses the system of claim 1, wherein Borzycki discloses the instructions, when executed by the at least one processor, cause the computing device to at least:
include the service credential in the authentication header (Col. 73, lines 58-61 and Col. 21, lines 23-29); and 
Curtis further discloses determining that the hosting location of the connector is within a local computing environment of the computing device (Figure 1 and [0010], gateway is outside of network access control device).
With respect to claim 5, the combination of Borzycki and Curtis discloses the system of claim 1, wherein Curtis further discloses the hosting location of the connector is determined based on a network address of the connector (Abstract, [0010]. And [0014], authentication request is addressed to network gateway (also known as access control device working as a connector) to identify target resource using URL of resource).
With respect to claim 6, the combination of Borzycki and Curtis discloses the system of claim 1, wherein Borzycki discloses the instructions, when executed by the at least one processor, cause the computing device to at least:

With respect to claim 7, the combination of Borzycki and Curtis discloses the system of claim 6, wherein Borzycki discloses the instructions, when executed by the at least one processor, cause the computing device to at least:
provide, to the client device, the data retrieved from the network service (Col. 3, lines 41-45 and Col. 22, lines 39-45, accessing the target resources).
	With respect to claim(s) 8-20, the non-transitory medium and method of claim(s) 8-20 does/do not limit or further define over the system of claim(s) 1-7. The limitations of claim(s) 8-20 is/are essentially similar to the limitations of claim(s) 1-7. Therefore, claim(s) 8-20 is/are rejected for the same reasons as claim(s) 1-7. Please see rejection above.	
	

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ESTHER B. HENDERSON whose telephone number is (571)270-3807.  The examiner can normally be reached on Monday-Friday 6a-2p ET.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 
/ESTHER B. HENDERSON/Primary Examiner, Art Unit 2458                                                                                                                                                                                             June 4, 2021