DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 04/26/2021 has been entered.
 
Response to Amendment
Claims 1, 19 and 21 have been amended. Claims 1-22 are currently pending.

Response to Arguments
Applicant’s arguments with respect to claim 1 have been considered but are moot in view of new grounds of rejection. Applicant’s remaining arguments are based on Applicant's arguments against claim 1.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim(s) 1, 3-7 and 17 is/are rejected under 35 U.S.C. 103 as being unpatentable over Inaba, US-20110010544-A1 (hereinafter “Inaba ‘544”; provided by IDS dated 08/14/2018) in view of Lee, US-20130276070-A1 (hereinafter “Lee ‘070”) and McMullen et al., US-20070113187-A1 (hereinafter “McMullen ‘187”) and Leshinsky et al., US-10372926-B1 (hereinafter “Leshinsky ‘926”).
Per claim 1 (independent):
Inaba ‘544 discloses: A system for a distributed memory data repository with load balancing for request processing, the system comprising a plurality of data centres and a repository switch connected by a network, each of the plurality of data centres having a node to provide the distributed memory data repository across a plurality of nodes ([0003], “The authentication processes for authenticating a lot of users places a heavy processing load on authentication servers. Therefore, in order to lighten the processing load, there is a scheme where authentication servers are provided, a user profile database is divided, the authentication servers store the respective divided parts of the database, and the corresponding authentication servers perform the authentication processes.”; FIG. 2, [0043], “client 100, distribution server 200, database 300, RADIUS servers 400-1 to 400-3 and databases 500-1 to 500-3.”; [0044], “Client 100 is a terminal that a user operates to issue an authentication request”; [0045], “Distribution server 200 distributes authentication processes to authenticate users among RADIUS servers 400-1 to 400-3.”; [0053], “… databases 500-1 to 500-3, connected to respective the piece of user profile data of the user. That is, this information indicates the server at which the user can be authenticated from among RADIUS servers 400-1 to 400-3”; FIG. 6, [0061], “RADIUS server 400-1 shown in FIG. 2 includes distribution server interface 411, encryptor/decryptor 412 and authenticator 413,” where an authentication request (data request) is routed to each of the plurality of RADIUS servers 400-1 to 400-3 (data centres) via the distribution server 200 (repository switch) and each of RADIUS server to which the databases 500-1 to 500-3 (data repository) are connected receives the authentication request through the server interface (node). 
Note that the authentication requests are distributed among the RADIUS servers in order to lighten the authentication processing load, i.e. load balancing.);
the repository switch … for routing a first data request to the first data centre  of the plurality of data centres for verification of credentials of the first data request, the first data centre comprising a node, a processor, a switch and a memory, the switch for routing the first data request to the node of the first data centre, the memory having a data repository storing verification credentials ([0045], “Distribution server 200 distributes authentication processes to authenticate users among RADIUS servers 400-1 to 400-3.”; [0053], “… databases 500-1 to 500-3, connected to respective RADIUS servers 400-1 to 400-3 stores the piece of user profile data of the user. That is, this information indicates the server at which the user can be authenticated from among RADIUS servers 400-1 to 400-3”; FIG. 10, [0076], “In step 5, when Access-Request as the authentication request signal is transmitted from client 100 via distribution server 200, the authentication request signal received by distribution server interface 411 of RADIUS server 400-1 is decrypted by encryptor/decryptor 412 using the TLS parameter”; [0077], “Authenticator 413 refers to database 500-1, and searches database 500-1 for a user ID identical to the user ID outputted from encryptor/decryptor 412” where an access-request (data request) is routed to the distribution server interface 411 of RADIUS server 400-1 (data center) among the group of RADIUS servers via the distribution server 200 (repository switch) and the authenticator 
Inaba ‘544 does not disclose but Lee ‘070 discloses: the repository switch for load balancing of requests to select a first data centre of the plurality of data centres using load data for the plurality of data centres and for routing a first data request to the first data centre selected using the load data (FIG. 1A, FIG. 3, [0043], “a user opening a web-browser 199 and navigating to login.serviceprovider.com. A load balancer 198 responsible for handling such requests may select datacenter NA1 (North America #1) for handling the request based on geographic proximity to the user making the request or based on resource availability, or based on server load … an application server 196 at the NA1 datacenter looks up the username specified as described previously and determines that username is not at NA1 but rather, is at NA6 (e.g., North America #6) … a cross-instance call to the NA6 datacenter to perform authentication for the user making the request based on the specified username being associated with the NA6 datacenter. Subsequent to successful authentication of the login request by the NA6 datacenter” where a request including username and password from the web-browser 199 reaches at the load balancer 198 that may select initially datacenter NA1 for handling the request based on geographic proximity and/or server load (load data) and then the application server 196 of the datacenter NA1 would route the request for performing authentication to NA6 data center (first data centre) via the cross-instance call if the username associated with the request is found out at the NA6 datacenter among a plurality of datacenters (See FIG. 3).).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified Inaba ‘544 with the cross-instance calls between different data centers for performing authentications of a user based on geographic proximity and/or server load as well as a specified user name as taught by Lee ‘070 because such a distributed 
Inaba ‘544 in view of Lee ‘070 does not disclose but McMullen ‘187 discloses: the processor configured to execute machine readable instructions stored in the memory to control the node to verify by pre-authentication validation of the first data request using the credentials of the first data request and the data repository storing the verification credentials prior to a subsequent authentication and, only upon verification of the first data request by the node, route the first data request to another computer resource for the subsequent authentication ([0077], “the communities framework membership capabilities are mapped one-to-one to specific WebLogic® Server roles … These membership capabilities can be declared in a community config.xml file”; [0079], “every role defined in an editable file has a set of functional capabilities associated with it, which specify what a member in that role is allowed to do”; FIG. 7, [0090], “the combined levels of security for the communities framework”; [0091], “In step 700, a member such as member_A requests to perform a specific task on some resource”; [0092], “In step 702, the system can then determine what membership capability (role) member_A has been assigned to. For example, member_A may have been assigned to the role of Contributor.”; [0093], “In step 704, the system can check which functional capabilities member_A's role is mapped to”; [0094], “In step 706, … determine whether security level one allows member_A access to the repository … Since member_A has been assigned to Contributor role and since the Contributor role is allowed to update resources in the repository, the system can allow member_A security access to the repository and proceed to step 710”; [0095], “In step 710, security level two is entered. The system proceeds to the repository level and obtains the entitlements and visibility information for the requested resource … If the entitlement and visibility information also allow access, then member_A would be allowed to update the resource issue_A, as illustrated in step 716” where a (data) request to perform a specific task on some resource from a member is verified to be mapped into a role and
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified Inaba ‘544 in view of Lee ‘070 with the double layer security for a collaborative computing environment where the security level one is implemented via membership and functional capabilities and in response to a verification result of the security level one, the security level two is carried out via entitlements and visibility information as taught by McMullen ‘187 because it would provide efficiency, simplicity and performance since it can control access right in a flexible way [0096].
Inaba ‘544 in view of Lee ‘070 and McMullen ‘187 does not disclose but Leshinsky ‘926 discloses:  the switch for routing the first data request to the node across a plurality of nodes ([Col. 23], ll. 51- [Col. 24], ll. 2, “Each database query request 515 … which may be sent to client-side driver 540 for subsequent routing to distributed storage system 530. In this example, client-side driver 540 … may send them to specific ones of the storage nodes 535 of specific protection groups” [Emphasis added.] where the client-side driver (switch) routes the database query request (data request) to the specific ones of the storage nodes (plurality of nodes).).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified Inaba ‘544 in view of Lee ‘070 and McMullen ‘187 with the client-side driver (switch) for routing database query requests for the distributed storage system 

Per claim 3 (dependent on claim 1):
Inaba ‘544 in view of Lee ‘070 and McMullen ‘187 and Leshinsky ‘926 discloses the elements detailed in the rejection of claim 1 above, incorporated herein by reference.
Inaba ‘544 discloses: The distributed memory data repository of claim 1, wherein the first data request comprising access credentials, wherein the node verifies the first data request by processing the access credentials using stored access credentials at the memory ([0053], “… databases 500-1 to 500-3, connected to respective RADIUS servers 400-1 to 400-3 stores the piece of user profile data of the user. That is, this information indicates the server at which the user can be authenticated from among RADIUS servers 400-1 to 400-3” [Emphasis added.]; FIG. 7, [0067], “The information stored in database 500-1 shown in FIG. 2 associates user ID "user 1" with password "password 1", as shown in FIG. 7” [Emphasis added.]).

Per claim 4 (dependent on claim 3):
Inaba ‘544 in view of Lee ‘070 and McMullen ‘187 and Leshinsky ‘926 discloses the elements detailed in the rejection of claim 3 above, incorporated herein by reference.
Inaba ‘544 discloses: The distributed memory data repository of claim 3, wherein upon the access credentials not being verified at the first data centre, the repository switch being configured to re-route the first data request to a second data centre of the plurality of data centres for verification using other stored access credentials at the second data centre (FIG. 11, [0083], “In step 15, when Access-Request as the authentication request signal is transmitted from client 100 via distribution server received by distribution server interface 411 of RADIUS server 400-1 …”; [0084], “Authenticator 413 refers to database 500-1, and searches database 500-1 for a user ID identical to the user ID outputted from encryptor/decryptor 412. Here, since a case where the user has user ID "user 4" is exemplified, the user ID is not searched for from database 500-1”; [0085], “The user ID is outputted from authenticator 413 to distribution server interface 411. In step 16, a transfer request signal, where an attribute indicating a transfer request has been added to Access-Reject including the user ID and the above TLS parameter, is transmitted from distribution server interface 411 to distribution server 200 (arrow C shown in C).” [Emphasis added.]; [0091], “The user ID is extracted from the received transfer request signal by RADIUS server interface 202. The extracted user ID is outputted from RADIUS server interface 202 to server selector 203” [Emphasis added.]; [0092], “Server selector 203 acquires the IP address of the acquired authentication server number from the authentication server information of database 300.” [Emphasis added.]; [0093], “Subsequently, in step 17, this Access-Request is transmitted from RADIUS server interface 202 to RADIUS server 400-2, which has the IP address outputted from server selector 203 (arrow D shown in FIG. 2” [Emphasis added.] where an authentication request signal is transmitted to the RADIUS server 400-1 (first data center) in which the authentication is failed since the user ID has not been searched. Subsequently, the transfer request signal is sent back to the distribution server (repository switch) where the extracted user ID is outputted to the server selector that re-routes the authentication request signal to another RADIUS server 400-2 (second data center)).

Per claim 5 (dependent on claim 1):
Inaba ‘544 in view of Lee ‘070 and McMullen ‘187 and Leshinsky ‘926 discloses the elements detailed in the rejection of claim 1 above, incorporated herein by reference.
The distributed memory data repository of claim 1, wherein the repository switch is configured to route a second data request to a ([0045], “Distribution server 200 distributes authentication processes to authenticate users among RADIUS servers 400-1 to 400-3.” [Emphasis added.]; FIG. 10, [0076], “In step 5, when Access-Request as the authentication request signal is transmitted from client 100 via distribution server 200, the authentication request signal received by distribution server interface 411 of RADIUS server 400-1 is decrypted by encryptor/decryptor 412 using the TLS parameter” [Emphasis added.]; [0077], “Authenticator 413 refers to database 500-1, and searches database 500-1 for a user ID identical to the user ID outputted from encryptor/decryptor 412” [Emphasis added.] where the access-request (data request) is routed to the distribution server interface 411 (node) of RADIUS server 400-1 (data center) via the distribution server 200 (repository switch) and an authentication (verification of credentials) is completed by the authenticator 413 in the RADIUS server via the encryptor/decryptor.);  ([0076], “the authentication request signal received by distribution server interface 411 of RADIUS server 400-1 is decrypted by encryptor/decryptor 412 using the TLS parameter. The user ID is extracted from the authentication request signal decrypted by encryptor/decryptor 412”; [0077], “Authenticator 413 refers to database 500-1, and searches database 500-1 for a user ID identical to the user ID outputted from encryptor/decryptor 412”; [0078], “When authenticator 413 searches for the user ID from database 500-1, Access-Challenge, as the authentication response signal, is transmitted from distribution server interface 411 to client 100 via distribution server 200, in step 6” [Emphasis added.] where the authenticator in the RADIUS server (node) searches the database (data repository) 
Inaba ‘544 in view of Lee ‘070 and McMullen ‘187 does not disclose but Leshinsky ‘926 discloses:  the switch for routing the first data request to the node ([Col. 23], ll. 51- [Col. 24], ll. 2, “Each database query request 515 … which may be sent to client-side driver 540 for subsequent routing to distributed storage system 530. In this example, client-side driver 540 … may send them to specific ones of the storage nodes 535 of specific protection groups” [Emphasis added.] where the client-side driver (switch) routes the database query request (data request) to the specific ones of the storage nodes.).

Per claim 6 (dependent on claim 1):
Inaba ‘544 in view of Lee ‘070 and McMullen ‘187 and Leshinsky ‘926 discloses the elements detailed in the rejection of claim 1 above, incorporated herein by reference.
Inaba ‘544 discloses: The distributed memory data repository of claim 1, wherein, upon verification of the first data request by the first data centre, the repository switch is configured to route data traffic to the first data centre for storage and processing ([0045], “Distribution server 200 distributes authentication processes to authenticate users among RADIUS servers 400-1 to 400-3.” [Emphasis added.]; FIG. 10, [0076], “In step 5, when Access-Request as the authentication request signal is transmitted from client 100 via distribution server 200, the authentication request signal received by distribution server interface 411 of RADIUS server 400-1 is decrypted by encryptor/decryptor 412 using the TLS parameter” [Emphasis added.]; [0077], “Authenticator 413 refers to database 500-1, and searches database 500-1 for a user ID identical to the user ID outputted from encryptor/decryptor 412” [Emphasis added.]; [0079], “in steps 7 and 8, a packet including the password is exchanged between client 100 and RADIUS server 400-1, and the authentication is completed” [Emphasis added.] where the access-request (data request) is routed to the distribution server interface 411 (node) of RADIUS server 

Per claim 7 (dependent on claim 6):
Inaba ‘544 in view of Lee ‘070 and McMullen ‘187 and Leshinsky ‘926 discloses the elements detailed in the rejection of claim 6 above, incorporated herein by reference.
Inaba ‘544 discloses: The distributed memory data repository of claim 6, wherein the first data centre is configured to route the data traffic to a second data centre for storage and processing ([0050], “Server selector 203 searches for information stored in database 300 on the basis of the user ID outputted from RADIUS server interface 202, and selects the RADIUS server to which the authentication request signal is transferred, from among RADIUS servers 400-1 to 400-3.” [Emphasis added.]).

Per claim 17 (dependent on claim 1):
Inaba ‘544 in view of Lee ‘070 and McMullen ‘187 and Leshinsky ‘926 discloses the elements detailed in the rejection of claim 1 above, incorporated herein by reference.
Inaba ‘544 discloses: The distributed memory data repository of claim 1, wherein the repository switch is configured to route the first data request to the first data centre using a sequence of data centres (FIG. 2, [0043], “client 100, distribution server 200, database 300, RADIUS servers 400-1 to 400-3 and databases 500-1 to 500-3.”; [0044], “Client 100 is a terminal that a user operates to issue an authentication request” [Emphasis added.]; [0045], “Distribution server 200 distributes authentication processes to authenticate users among RADIUS servers 400-1 to 400-3.” [Emphasis added.] where the authentication request (data request) is routed to each of the sequence of RADIUS servers 400-1 to 400-2 (data centres) via the distribution server (repository switch).).

Claim(s) 2 is/are rejected under 35 U.S.C. 103 as being unpatentable over Inaba ‘544 in view of Lee ‘070 and McMullen ‘187 and Leshinsky ‘926 as applied to claim 1 above, and further in view of Banerjee et al., US-8732267-B2 (hereinafter “Banerjee ‘267”).
Per claim 2 (dependent on claim 1):
Inaba ‘544 in view of Lee ‘070 and McMullen ‘187 and Leshinsky ‘926 discloses the elements detailed in the rejection of claim 1 above, incorporated herein by reference.
Inaba ‘544 in view of Lee ‘070 and McMullen ‘187 and Leshinsky ‘926 does not disclose but Banerjee ‘267 discloses: The distributed memory data repository of claim 1, wherein the repository switch is configured for load balancing  to  collect the load data for the plurality of data centres in real-time and select the first data centre from the plurality of data centres using load data  indicating current usage for the plurality of data centres ([Col. 6], ll. 25-37, “Additionally, the placement system 120 may consider the current workload of the data centers 110 in calculating the suitability value. Thus, for example, if the data center 1101 is operating at 90% capacity and the data center 1102 is operating at 10% capacity, the placement system 120 may give a preference ( e.g., by way of a higher suitability value) to the data center 1102 in order to balance the workload between all the data centers 110” [Emphasis added.]; FIG. 4, [Col. 10], ll. 25-65, “for selecting a data center for fulfilling a resource request … where the service placement component 150 receives a virtual data center request from a user (step 420) … Upon receiving the request … identifies a plurality of available data centers for fulfilling the request (step 425) … calculates a suitability value for each of the identified data centers (step 430) … selects a data center for use in fulfilling the request based upon the calculated suitability values (step 435)” [Emphasis added.]; [Col. 9], ll. 33-55, “As discussed above, the service placement component 150 may then calculate one or more metrics for each data center based on the request … the service placement component 150 may determine the availability of firewall and load balancer network capabilities at each data center.” [Emphasis added.] where the service placement component 150 receives a virtual data center request and then selects a data center based on the calculation of a suitability value for each of the identified data centers. 
Note that the suitability value may be calculated by considering the current workload (load data) of the data centers in the service place component 150, i.e., the load balancer network capabilities.).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified Inaba ‘544 in view of Lee ‘070 and McMullen ‘187 and Leshinsky ‘926 with the selection of a data center based on the suitability value associated with the current workload of the data centers as taught by Banerjee ‘267 because it would improve the performance of the virtualized data center instantiated based on the request, and may better balance the workload and other desirable operating conditions between the data centers [Col. 6], ll. 38-48.

Claim(s) 8-11 is/are rejected under 35 U.S.C. 103 as being unpatentable over Inaba ‘544 in view of Lee ‘070 and McMullen ‘187 and Leshinsky ‘926 as applied to claim 1 above, and further in view of Anand et al., US-8315977-B2 (hereinafter, “Anand ‘977”).
Per claim 8 (dependent on claim 1):
Inaba ‘544 in view of Lee ‘070 and McMullen ‘187 and Leshinsky ‘926 discloses the elements detailed in the rejection of claim 1 above, incorporated herein by reference.
Inaba ‘544 in view of Lee ‘070 and McMullen ‘187 and Leshinsky ‘926 does not disclose but Anand ‘977 discloses: The distributed memory data repository of claim 1, wherein the processor of the first data centre is configured to transmit a synchronization request to the repository switch to update the data repository with data stored at the plurality of data centre (FIG. 2, [Col. 8], ll. 36-67, “a relational view of synchronization applications running in a data center 110 and a cloud 120 … the data center 110 may include a database manager application 210 and a data center replicator application 220 modified records may be transferred by the database manager 210 to the cloud replicator 230 in the cloud 120 via network, e.g., the network 150 illustrated in FIG. 1” [Emphasis added.] where the database manager application (processor of first data centre) sends the modified records (synchronization request) to the cloud replicator (repository switch) to update the databases (data repository) in the cloud.).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified Inaba ‘544 in view of Lee ‘070 and McMullen ‘187 and Leshinsky ‘926 with the synchronization request via the data center to update the data repository as taught by Anand ‘977 because it would be advantageously used to selectively replicate data from the cloud databases to the data center or vice versa [Col. 11], ll. 33-39.

Per claim 9 (dependent on claim 1):
Inaba ‘544 in view of Lee ‘070 and McMullen ‘187 and Leshinsky ‘926 discloses the elements detailed in the rejection of claim 1 above, incorporated herein by reference.
Inaba ‘544 in view of Lee ‘070 and McMullen ‘187 and Leshinsky ‘926 does not disclose but Anand ‘977 discloses: The distributed memory data repository of claim 1, wherein the repository switch is configured to transmit synchronization requests to the plurality of data centres to update the data repository with data stored at the plurality of data centres (FIG. 2, [Col. 8], ll. 36-67, “a relational view of synchronization applications running in a data center 110 and a cloud 120 … the data center 110 may include a database manager application 210 and a data center replicator application 220 running therein …” [Emphasis added.]; [Col. 10], ll. 13-26, “The data center replicator 220 … configured to compare time stamps indicating the time of last modification of corresponding records in the databases 127 at the data center 110. Based on the comparisons, if the most recent copy of a data update a corresponding record in the databases 127.” [Emphasis added.] where the data center replicator (repository switch) updates the databases (data repository) in the data center by sending modified records.).

Per claim 10 (dependent on claim 1):
Inaba ‘544 in view of Lee ‘070 and McMullen ‘187 and Leshinsky ‘926 discloses the elements detailed in the rejection of claim 1 above, incorporated herein by reference.
Inaba ‘544 in view of Lee ‘070 and McMullen ‘187 and Leshinsky ‘926 does not disclose but Anand ‘977 discloses: The distributed memory data repository of claim 1 wherein the repository switch is configured with rules for processing network traffic for routing to the first data centre ([Col. 10], ll. 13-26, “The data center replicator 220 may be configured to scan data records stored in the databases 177 to identify modified data records. … … configured to compare time stamps indicating the time of last modification of records in the databases 177 with time stamps indicating the time of last modification of corresponding records in the databases 127 at the data center 110. Based on the comparisons, if the most recent copy of a data record is found in the databases 177, the data center replicator 220 may update a corresponding record in the databases 127” [Emphasis added.] where the data center replicator (repository switch) routes the most recent traffic data to the databases (data repository) in the data center based on the rule of the timestamp comparisons.).

Per claim 11 (dependent on claim 1):
Inaba ‘544 in view of Lee ‘070 and McMullen ‘187 and Leshinsky ‘926 discloses the elements detailed in the rejection of claim 1 above, incorporated herein by reference.
Inaba ‘544 in view of Lee ‘070 and McMullen ‘187 and Leshinsky ‘926 does not disclose but Anand ‘977 discloses: The distributed memory data repository of claim 1, wherein the repository switch is configured to receive updated data and systematically distributed the updated data to the plurality of data centres ([Col. 9], ll. 20-29, “the cloud replicator 230 may be adapted to implement business logic and rules configured to ensure that the databases 177 are accurately updated. One example of business rule may be that the databases 177 can be updated with only the most recently modified data. In other words, in one embodiment, if a modified data record is received by the cloud replicator 230 from the database manager 210, the databases 177 may be updated only if the modified record is the most recently modified version of the data record” [Emphasis added.]; [Col. 10], ll. 13-26, “The data center replicator 220 may be configured to scan data records stored in the databases 177 to identify modified data records. … … configured to compare time stamps indicating the time of last modification of records in the databases 177 with time stamps indicating the time of last modification of corresponding records in the databases 127 at the data center 110. Based on the comparisons, if the most recent copy of a data record is found in the databases 177, the data center replicator 220 may update a corresponding record in the databases 127” [Emphasis added.] where for example, the data center replicator (repository switch) systematically distributes and updates the most recent version of modified data based on the business logic and rules).

Claim(s) 12-13 and 15 is/are rejected under 35 U.S.C. 103 as being unpatentable over Inaba ‘544 in view of Lee ‘070 and McMullen ‘187 and Leshinsky ‘926 as applied to claim 1 above, and further in view of Yokohata et al., US-7774572-B2 (hereinafter “Yokohata ‘572”).
Per claim 12 (dependent on claim 1):
Inaba ‘544 in view of Lee ‘070 and McMullen ‘187 and Leshinsky ‘926 discloses the elements detailed in the rejection of claim 1 above, incorporated herein by reference.
Inaba ‘544 in view of Lee ‘070 and McMullen ‘187 and Leshinsky ‘926 does not disclose but Yokohata ‘572 discloses: The distributed memory data repository of claim 1, wherein the repository switch is configured to receive a repository deficiency notification from a requesting data centre, and route the repository deficiency notification to the first data centre to trigger a fail-safe mode for the requesting data centre ([Col. 4], ll. 29-36, 56-65, “monitor means for monitoring information on a total volume of data stored in each of the storage units or in all the storage units, the  for calculating an index value on the basis of a result of the monitor by the monitor means, and location means for distributively locating (allocating) or relocating the logical storage areas in the physical storage areas on the plurality of storage units through the control modules on the basis of the index value calculated by the index value calculating means … the distributed storage system further comprises at least one of notification means for, when the usage rate of the entire system monitored by the monitor means exceeds a level set in advance, notifying this fact to a system manager and means for automatically adding a spare storage unit, prepared in advance, through a control module for the spare storage unit … the index value calculating means or the location means is mounted in at least one of the control module” [Emphasis added.]; FIG.1, [Col. 8], ll. 29-34, “a distributed network storage system … storage units 20 (20-1 to 20-6), control modules 21 (21-1 to 21-6), data processing units 30, a network 40, a monitor agent 50 and a location agent 60.” [Emphasis added.]; [Col. 9], ll. 26-29, 35-39, 48-50, “The monitor agent (monitor means) 50 is for monitoring, through the network 40, the information about the total volume of data stored in each of the storage units 20 or in all the storage units 20 … the location means 62 is for conducting the data movement to realize the system equalization and for distributively locating or relocating the logical storage areas on the physical storage areas of the storage units 20 through the network 40 and the control modules 21 … the data movement (relocation of the logical storage areas in the physical storage areas on the storage units 20) is conducted between the storage units 20.” [Emphasis added.] where if the usage rate exceeds the level set in advance, i.e., the repository deficiency notification is received at the monitor agent, the control module of each storage unit automatically adding a spare storage unit prepared in advance to make sure it is the fail-safe operation
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified Inaba ‘544 in view of Lee ‘070 and McMullen ‘187 and Leshinsky ‘926 with the preparation for repository deficiency as the fail-safe mode as taught by Yokohata ‘572 because it would carry out efficient and stable operation control of a system even if the usage rate of the entire system varies under a situation in which the characteristics of storage units, such as the maximum available total capacities or speed performance, differ largely from each other [Col. 4], ll. 10-17.

Per claim 13 (dependent on claim 1):
Inaba ‘544 in view of Lee ‘070 and McMullen ‘187 and Leshinsky ‘926 discloses the elements detailed in the rejection of claim 1 above, incorporated herein by reference.
Inaba ‘544 in view of Lee ‘070 and McMullen ‘187 and Leshinsky ‘926 does not disclose but Yokohata ‘572 discloses: The distributed memory data repository of claim 1, wherein the repository switch is configured to systematically detect repository deficiencies of any of the plurality of data centres and delegate a defense process to another data centre for a requesting data centre, the defense process to systematically enter a fail-safe allow all mode in response to the detected repository deficiencies ([Col. 4], ll. 29-36, 56-65, “monitor means for monitoring information on a total volume of data stored in each of the storage units or in all the storage units, index value calculating means for calculating an index value on the basis of a result of the monitor by the monitor means, and location means for distributively locating (allocating) or relocating the logical storage areas in the physical storage areas on the plurality of storage units through the control modules on the basis of the index value calculated by the index value calculating means … the distributed storage system further comprises at least one of notification means for, when the usage rate of the entire system monitored by the monitor means exceeds a level set in advance, notifying this fact to a system manager and means for automatically adding a spare storage unit, prepared in advance, through a control module for the spare storage unit … the index value calculating means or the location means is mounted in at least one of the control module” [Emphasis added.]; FIG. 1, [Col. 8], ll. 29-34, “a distributed network storage system … storage units 20 (20-1 to 20-6), control modules 21 (21-1 to 21-6), data processing units 30, a network 40, a monitor agent 50 and a location agent 60.” [Emphasis added.]; [Col. 9], ll. 26-29, 35-39, 48-50, “The monitor agent (monitor means) 50 is for monitoring, through the network 40, the information about the total volume of data stored in each of the storage units 20 or in all the storage units 20 … the location means 62 is for conducting the data movement to realize the system equalization and for distributively locating or relocating the logical storage areas on the physical storage areas of the storage units 20 through the network 40 and the control modules 21 … the data movement (relocation of the logical storage areas in the physical storage areas on the storage units 20) is conducted between the storage units 20.” [Emphasis added.] where the usage rate of the entire distributed storage system over the network is monitored by the monitor agent as in FIG. 1 and the data movement (defense process) in the storage units happens (delegate) by distributively locating storage areas calculated in advance on the basis of the calculated index value. It would be the fail-safe allow all mode since it has been prepared in advance by considering all possible usage rates in all nodes.).

Per claim 15 (dependent on claim 1):
Inaba ‘544 in view of Lee ‘070 and McMullen ‘187 and Leshinsky ‘926 discloses the elements detailed in the rejection of claim 1 above, incorporated herein by reference.
Inaba ‘544 in view of Lee ‘070 and McMullen ‘187 and Leshinsky ‘926 does not disclose but Yokohata ‘572 discloses: The distributed memory data repository of claim 1, wherein the repository switch is configured to enable an administrator device to enable and disable a defense system rapidly across all nodes ([Col. 4], ll. 29-36, 56-65, “monitor means for monitoring information on a total volume of data stored in each of the storage units or in all the storage units, index value calculating means for calculating an index value on the basis of a result of the monitor by the monitor means, and location means for distributively locating (allocating) or relocating the logical storage areas in the physical storage areas on the plurality of storage units through the control modules on the basis of the index value calculated by the index value calculating means … the distributed storage system further comprises at least one of notification means for, when the usage rate of the entire system monitored by the monitor means exceeds a level set in advance, notifying this fact to a system manager and means for automatically adding a spare storage unit, prepared in advance, through a control module for the spare storage unit … the index value calculating means or the location means is mounted in at least one of the control module” [Emphasis added.]; FIG. 1, [Col. 8], ll. 29-34, “a distributed network storage system … storage units 20 (20-1 to 20-6), control modules 21 (21-1 to 21-6), data processing units 30, a network 40, a monitor agent 50 and a location agent 60.” [Emphasis added.]; [Col. 9], ll. 26-29, 35-39, 48-50, “The monitor agent (monitor means) 50 is for monitoring, through the network 40, the information about the total volume of data stored in each of the storage units 20 or in all the storage units 20 … the location means 62 is for conducting the data movement to realize the system equalization and for distributively locating or relocating the logical storage areas on the physical storage areas of the storage units 20 through the network 40 and the control modules 21 … the data movement (relocation of the logical storage areas in the physical storage areas on the storage units 20) is conducted between the storage units 20.” [Emphasis added.] where the monitor agent (administrator device) is configured to enable or disable the data movement (defense system) on the basis of the calculated index value which depends on the threshold level available for different settings.).

Claim(s) 14 is/are rejected under 35 U.S.C. 103 as being unpatentable over Inaba ‘544 in view of Lee ‘070 and McMullen ‘187 and Leshinsky ‘926 as applied to claim 1 above, and further in view of Jain et al., US-20160036837-A1 (hereinafter “Jain ‘837”).
Per claim 14 (dependent on claim 1):
Inaba ‘544 in view of Lee ‘070 and McMullen ‘187 and Leshinsky ‘926 discloses the elements detailed in the rejection of claim 1 above, incorporated herein by reference.
Inaba ‘544 in view of Lee ‘070 and McMullen ‘187 and Leshinsky ‘926 does not disclose but Jain ‘837 discloses: The distributed memory data repository of claim 1, wherein the processor is configured to control the node to implement packet inspection for a fast evolving attack pattern, and share packet inspection notifications across the plurality of data centres for global protection ([0004], “A system and method for detecting attacks on a data center samples a packet stream by coordinating at multiple levels of data center architecture, based on specified parameters. The sampled packet stream is processed to identify one or more data center attacks. Further, attack notifications are generated for the identified data center attacks” [Emphasis added.]; FIG. 1, [0030], ll. 9-12, “the system 100 includes multiple geographically replicated datacenter architectures 102 connected to each other and to the Internet 104 via the border routers 106” [Emphasis added.]; [0032], ll. 10-13, “the edge routers 106 may sample inbound and outbound packets in intervals as brief as 1 minute. The sampling may be aggregated for reporting traffic volume 114 between nodes” [Emphasis added.]).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified Inaba ‘544 in view of Lee ‘070 and McMullen ‘187 and Leshinsky ‘926 with the packet inspection for attack patterns as taught by Jain ‘837 because it would efficiently detect the cyberattacks on datacenters or cloud providers which generates large traffic volumes by processing the sampled packet streams [0002][0004][0005].

Claim(s) 16 is/are rejected under 35 U.S.C. 103 as being unpatentable over Inaba ‘544 in view of Lee ‘070 and McMullen ‘187 and Leshinsky ‘926 as applied to claim 1 above, and further in view of Yokohata ‘572 and McDougal et al., US-20110219451-A1 (hereinafter “McDougal ‘451”).
Per claim 16 (dependent on claim 1):
Inaba ‘544 in view of Lee ‘070 and McMullen ‘187 and Leshinsky ‘926 discloses the elements detailed in the rejection of claim 1 above, incorporated herein by reference.
Inaba ‘544 in view of Lee ‘070 and McMullen ‘187 and Leshinsky ‘926 does not disclose but Yokohata ‘572 discloses: repository of claim 1, wherein the repository switch is configured to implement ([Col. 9], ll. 26-29, 35-39, 48-50,  “The monitor agent (monitor means) 50 is for monitoring, through the network 40, the information about the total volume of data stored in each of the storage units 20 or in all the storage units 20 … the location means 62 is for conducting the data movement to realize the system equalization and for distributively locating or relocating the logical storage areas on the physical storage areas of the storage units 20 through the network 40 and the control modules 21 … the data movement (relocation of the logical storage areas in the physical storage areas on the storage units 20) is conducted between the storage units 20.” [Emphasis added.] where the monitor agent monitors the usage rate of the entire distributed storage (all detective and self-capability features) and the data movement (defense process) in the storage units always happens (delegate) by distributively locating storage areas calculated in advance on the basis of the calculated index value, i.e., the defense blocking mode is always operational.).
Inaba ‘544 in view of Lee ‘070 and McMullen ‘187 and Leshinsky ‘926 and Yokohata ‘572 does not disclose but McDougal ‘451 discloses: a monitoring only mode and the defense blocking mode is not operational ([0026], “System 100, in various embodiments, may be configured to operate in one or more of an active mode, a passive mode, and a hybrid mode.” [Emphasis added.]; [0027], ll. 1-4, 10-14, delay one or more operations while the malware process is proceeding, depending on the context in which system 100 is operating … when system 100 is operating in an active mode in a context where files are being uploaded, system 100 may stop a file from being uploaded until the malware detection process applied to the file has been completed” [Emphasis added.]; [0028], ll. 1-9, “System 100, in various embodiments, may operate in a passive mode. While in the passive mode, system 100 may not prevent the operation of processes while a file is being detected for malware. For example, when system 100 is handling e-mail messages or their attachments and operating in the passive mode, the e-mails may continue to be processed and delivered even though the malware detection process has not been completed” [Emphasis added.] where if the passive mode is enabled, which is equivalent of the monitoring only mode, it is still detecting or monitoring abnormal actions with full capacity (all detective and self-capability features) while the operation of processes is not prevented, i.e., a remedial action (defense blocking mode) is not carried out.).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified Inaba ‘544 in view of Lee ‘070 and McMullen ‘187 and Leshinsky ‘926 and Yokohata ‘572 with the monitoring only mode as taught by McDougal ‘451 because by switching into a passive mode (monitoring only mode), the system may allow the analysis of the file to proceed without lowering the quality of service of services associated with the file being analyzed [0048].

Claim(s) 18 is/are rejected under 35 U.S.C. 103 as being unpatentable over Inaba ‘544 in view of Lee ‘070 and McMullen ‘187 and Leshinsky ‘926 as applied to claim 1 above, and further in view of Chan et al., US-20140289202-A1 (hereinafter “Chan ‘202”).
Per claim 18 (dependent on claim 1):

Inaba ‘544 in view of Lee ‘070 and McMullen ‘187 and Leshinsky ‘926 does not disclose but Chan ‘202 discloses: The distributed memory data repository of claim 1, wherein the first data centre is configured to transmit a data restoration request to the repository switch, the repository switch being configured to route the data restoration request to a second data centre, the second data centre being configured to transmit data to the first data centre in response to restore the data repository (FIG. 1, [0019], ll. 1-8, “The distributed backup system 100 includes a server 110, e.g., a cloud storage server, configured to handle communications between the computing devices 130-150. The server 110 contains storage nodes 112. Each of the storage nodes 112 contains one or more processors 114 and storage devices 116.” [Emphasis added.]; FIG. 5, [0051], ll. 1-6, “a block diagram 500 for retrieving data files from a distributed backup system. A user issues a request 505 using from the computing device 130 for retrieving a data file from the server 110. If the server 110 has a copy of the data file, the server 110 returns the data file to the computing device 130” [Emphasis added.] where the computing device (first data centre) transmits the request of retrieving data (restoration) to the server (second data centre) which routes the request to one of the storage nodes and the selected storage devices (data repository) transmit the data to the computing device.).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified Inaba ‘544 in view of Lee ‘070 and McMullen ‘187 and Leshinsky ‘926 with the data restoration between data centres as taught by Chan ‘202 because the distributed backup system can optimize the backing up of data files by determining which data files are backed up to the cloud storage server and which data files are backed up to the computing devices based on the access pattern [0018], ll. 9-14.

Claim(s) 19-21 is/are rejected under 35 U.S.C. 103 as being unpatentable over Inaba ‘544 in view of Banerjee ‘267 and Lee ‘070 and McMullen ‘187 and Leshinsky ‘926.
Per claim 19 (independent):
Inaba ‘544 discloses: A process for a distributed memory data repository of a plurality of data centres and a repository switch connected by a network, each of the plurality of data centres having a node and memory to distribute the distributed memory data repository across a plurality of nodes, the process comprising; routing the first data request to the node of the first data centre using the switch; (FIG. 2, [0043], “client 100, distribution server 200, database 300, RADIUS servers 400-1 to 400-3 and databases 500-1 to 500-3.”; [0044], “Client 100 is a terminal that a user operates to issue an authentication request”; [0045], “Distribution server 200 distributes authentication processes to authenticate users among RADIUS servers 400-1 to 400-3.”; [0053], “… databases 500-1 to 500-3, connected to respective RADIUS servers 400-1 to 400-3 stores the piece of user profile data of the user. That is, this information indicates the server at which the user can be authenticated from among RADIUS servers 400-1 to 400-3”; FIG. 6, [0061], “RADIUS server 400-1 shown in FIG. 2 includes distribution server interface 411, encryptor/decryptor 412 and authenticator 413,” where an authentication request (data request) is routed to each of the plurality of RADIUS servers 400-1 to 400-3 (data centres) via the distribution server 200 (repository switch) and each RADIUS server to which the databases 500-1 to 500-3 (data repository) are connected receives the authentication request through the server interface (node).);
Inaba ‘544 does not disclose but Banerjee ‘267 discloses: collect load data for the plurality of data centres in real-time; load balancing of requests, using the repository switch, to select a first data centre from the plurality of data centres using load data indicating current usage for the plurality of data centres ([Col. 6], ll. 25-37, “Additionally, the placement system 120 may consider the current workload of the data centers 110 in calculating the suitability value. Thus, for example, if the data center 1101 is operating at 90% capacity and the data center 1102 is operating at 10% capacity, the placement system 120 may give a preference (e.g., by way of a higher suitability value) to the data center 1102 in order to balance the workload between all the data centers 110” [Emphasis added.]; FIG. 4, [Col. 10], ll. 25-65, “for selecting a data center for fulfilling a resource request … where the service placement component 150 receives a virtual data center request from a user (step 420) … Upon receiving the request … identifies a plurality of available data centers for fulfilling the request (step 425) … calculates a suitability value for each of the identified data centers (step 430) … selects a data center for use in fulfilling the request based upon the calculated suitability values (step 435)” [Emphasis added.]; [Col. 9], ll. 33-55, “As discussed above, the service placement component 150 may then calculate one or more metrics for each data center based on the request … the service placement component 150 may determine the availability of firewall and load balancer network capabilities at each data center.” [Emphasis added.] where the service placement component 150 receives a virtual data center request and then selects a data center based on the calculation of a suitability value for each of the identified data centers. Note that the suitability value may be calculated by considering the current workload (load data) of the data centers in the service place component 150, i.e., the load balancer network capabilities.).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified Inaba ‘544 with the selection of a data center based on the suitability value associated with the current workload of the data centers as taught by Banerjee ‘267 because it would improve the performance of the virtualized data center instantiated based on the request, and may better balance the workload and other desirable operating conditions between the data centers [Col. 6], ll. 38-48.
Inaba ‘544 in view of Banerjee ‘267 does not disclose but Lee ‘070 discloses: routing, using the repository switch, a first data request to the first data centre selected using the load data for verification of credentials of the first data request, the first data request comprising access credentials, the first data centre comprising a node, a processor, a switch and a memory having a data repository storing access credentials (FIG. 1A, FIG. 3, [0043], “a user opening a web-browser 199 and navigating to login.serviceprovider.com. A load balancer 198 responsible for handling such requests may select datacenter NA1 (North America #1) for handling the request based on geographic proximity to the user making the request or based on resource availability, or based on server load … an application server 196 at the NA1 datacenter looks up the username specified as described previously and determines that username is not at NA1 but rather, is at NA6 (e.g., North America #6) … a cross-instance call to the NA6 datacenter to perform authentication for the user making the request based on the specified username being associated with the NA6 datacenter. Subsequent to successful authentication of the login request by the NA6 datacenter” where a request including username and password from the web-browser 199 reaches at the load balancer 198 that may select initially datacenter NA1 for handling the request based on geographic proximity and/or server load (load data) and then the application server 196 of the datacenter NA1 would route the request for performing authentication (verification of credentials) to NA6 data center (first data centre) via the cross-instance call if the username associated with the request is found out at the NA6 datacenter among a plurality of datacenters (See FIG. 3).).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified Inaba ‘544 in view of Banerjee ‘267 with the cross-instance calls between different data centers for performing authentications of a user based on geographic proximity and/or server load as well as a specified user name as taught by Lee ‘070 because such a distributed authentication model would tolerate an outage incurred by a natural disaster or unexpected peak demand better than a centralized authentication model [0029][0030].
Inaba ‘544 in view of Banerjee ‘267 and Lee ‘070 does not disclose but McMullen ‘187 discloses: controlling the node using the processor to verify by pre-authentication validation of the first data request by processing the access credentials using the stored access credentials at the data repository of the memory prior to a subsequent authentication; only upon verification, routing the first data request using the processor to another computer resource for the subsequent authentication ([0077], “the communities framework membership capabilities are mapped one-to-one to specific WebLogic® Server roles … These membership capabilities can be declared in a community config.xml file”; [0079], “every role defined in an editable file has a set of functional capabilities associated with it, which specify what a member in that role is allowed to do” [Emphasis added.]; FIG. 7, [0090], “the combined levels of security for the communities framework”; [0091], “In step 700, a member such as member_A requests to perform a specific task on some resource” [Emphasis added.]; [0092], “In step 702, the system can then determine what membership capability (role) member_A has been assigned to. For example, member_A may have been assigned to the role of Contributor.” [Emphasis added.]; [0093], “In step 704, the system can check which functional capabilities member_A's role is mapped to”; [0094], “In step 706, … determine whether security level one allows member_A access to the repository … Since member_A has been assigned to Contributor role and since the Contributor role is allowed to update resources in the repository, the system can allow member_A security access to the repository and proceed to step 710” [Emphasis added.]; [0095], “In step 710, security level two is entered. The system proceeds to the repository level and obtains the entitlements and visibility information for the requested resource … If the entitlement and visibility information also allow access, then member_A would be allowed to update the resource issue_A, as illustrated in step 716” [Emphasis added.] where a (data) request to perform a specific task on some resource from a member is verified to be mapped into a role and specific functional capabilities based on a community config.xml file (verification credentials) provided in the communities framework (data repository), which is the security level one (pre-authentication validation). If the member is allowed to update resources in the repository as the member_A, it would proceed to step 710 (Otherwise, it would be denied at the step 706. See step 708 in FIG. 7). Note that
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified Inaba ‘544 in view of Banerjee ‘267 and Lee ‘070 with the double layer security for a collaborative computing environment where the security level one is implemented via membership and functional capabilities and in response to a verification result of the security level one, the security level two is carried out via entitlements and visibility information as taught by McMullen ‘187 because it would provide efficiency, simplicity and performance since it can control access right in a flexible way [0096].
Inaba ‘544 in view of Banerjee ‘267 and Lee ‘070 and McMullen ‘187 does not disclose but Leshinsky ‘926 discloses:  the switch for routing the first data request to the node across a plurality of nodes ([Col. 23], ll. 51- [Col. 24], ll. 2, “Each database query request 515 … which may be sent to client-side driver 540 for subsequent routing to distributed storage system 530. In this example, client-side driver 540 … may send them to specific ones of the storage nodes 535 of specific protection groups” [Emphasis added.] where the client-side driver (switch) routes the database query request (data request) to the specific ones of the storage nodes.).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified Inaba ‘544 in view of Banerjee ‘267 and Lee ‘070 and McMullen ‘187 with the client-side driver (switch) for routing database query requests for the distributed storage system (plurality of nodes) as taught by Leshinsky ‘926 because it would reduce a workload for the distributed data storage system by balancing out the availability of resources to perform distributed data storage system tasks.

Per claim 20 (dependent on claim 19):
Inaba ‘544 in view of Banerjee ‘267 and Lee ‘070 and McMullen ‘187 and Leshinsky ‘926 discloses the elements detailed in the rejection of claim 19 above, incorporated herein by reference.
The limitations of the claim(s) correspond(s) to features of claim 4 and the claim(s) is/are rejected for the reasons detailed with respect to claim 4.

Per claim 21 (independent):
Inaba ‘544 discloses: A process for a distributed memory data repository of a plurality of data centres and a repository switch connected by a network, each of the plurality of data centres having a node and memory to distribute the distributed memory data repository (FIG. 2, [0043], “client 100, distribution server 200, database 300, RADIUS servers 400-1 to 400-3 and databases 500-1 to 500-3.”; [0044], “Client 100 is a terminal that a user operates to issue an authentication request”; [0045], “Distribution server 200 distributes authentication processes to authenticate users among RADIUS servers 400-1 to 400-3.”; [0053], “… databases 500-1 to 500-3, connected to respective RADIUS servers 400-1 to 400-3 stores the piece of user profile data of the user. That is, this information indicates the server at which the user can be authenticated from among RADIUS servers 400-1 to 400-3”; FIG. 6, [0061], “RADIUS server 400-1 shown in FIG. 2 includes distribution server interface 411, encryptor/decryptor 412 and authenticator 413,” where an authentication request (data request) is routed to each of the plurality of RADIUS servers 400-1 to 400-3 (data centres) via the distribution server 200 (repository switch) and each RADIUS server to which the databases 500-1 to 500-3 (data repository) are connected receives the authentication request through the server interface (node).);
upon the access credentials not being verified at the first data centre, re-routing the first data request to a second data centre of the plurality of data centres having other stored access credentials Access-Request as the authentication request signal is transmitted from client 100 via distribution server 200 (arrows A and B shown in FIG. 2), the authentication request signal received by distribution server interface 411 of RADIUS server 400-1 …”; [0084], “Authenticator 413 refers to database 500-1, and searches database 500-1 for a user ID identical to the user ID outputted from encryptor/decryptor 412. Here, since a case where the user has user ID "user 4" is exemplified, the user ID is not searched for from database 500-1”; [0085], “The user ID is outputted from authenticator 413 to distribution server interface 411. In step 16, a transfer request signal, where an attribute indicating a transfer request has been added to Access-Reject including the user ID and the above TLS parameter, is transmitted from distribution server interface 411 to distribution server 200 (arrow C shown in C).”; [0091], “The user ID is extracted from the received transfer request signal by RADIUS server interface 202. The extracted user ID is outputted from RADIUS server interface 202 to server selector 203”; [0092], “Server selector 203 acquires the IP address of the acquired authentication server number from the authentication server information of database 300.”; [0093], “Subsequently, in step 17, this Access-Request is transmitted from RADIUS server interface 202 to RADIUS server 400-2, which has the IP address outputted from server selector 203 (arrow D shown in FIG. 2)” where an authentication request signal is transmitted to the RADIUS server 400-1 (first data center) in which the authentication fails since the user ID has not been found. Subsequently, the transfer request signal is sent back to the distribution server (repository switch) where the extracted user ID is outputted to the server selector that re-routes the authentication request signal to another RADIUS server 400-2 (second data center).).
Inaba ‘544 does not disclose but Banerjee ‘267 discloses: collecting load data for the plurality of data centres in real-time; load balancing of requests, using the repository switch, to select a first data centre from the plurality of data centres using load data indicating current usage for the plurality of data centre ([Col. 6], ll. 25-37, “Additionally, the placement system 120 may consider the current workload of the data centers 110 in calculating the suitability value. Thus, for example, if the data center 1101 is operating at 90% capacity and the data center 1102 is operating at 10% capacity, the placement system 120 may give a preference ( e.g., by way of a higher suitability value) to the data center 1102 in order to balance the workload between all the data centers 110” [Emphasis added.]; FIG. 4, [Col. 10], ll. 25-65, “for selecting a data center for fulfilling a resource request … where the service placement component 150 receives a virtual data center request from a user (step 420) … Upon receiving the request … identifies a plurality of available data centers for fulfilling the request (step 425) … calculates a suitability value for each of the identified data centers (step 430) … selects a data center for use in fulfilling the request based upon the calculated suitability values (step 435)” [Emphasis added.]; [Col. 9], ll. 33-55, “As discussed above, the service placement component 150 may then calculate one or more metrics for each data center based on the request … the service placement component 150 may determine the availability of firewall and load balancer network capabilities at each data center.” [Emphasis added.] where the service placement component 150 receives a virtual data center request and then selects a data center based on the calculation of a suitability value for each of the identified data centers. 
Note that the suitability value may be calculated by considering the current workload (load data) of the data centers in the service placement component 150, i.e., the load balancer network capabilities.).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified Inaba ‘544 with the selection of a data center based on the suitability value associated with the current workload of the data centers as taught by Banerjee ‘267 because it would improve the performance of the virtualized data center instantiated based on the request, and may better balance the workload and other desirable operating conditions between the data centers [Col. 6], ll. 38-48.
routing, using the repository switch, a first data request to the first data centre selected using the load data … the first data centre comprising a node, a processor, a switch and a memory having a data repository storing verification credentials (FIG. 1A, FIG. 3, [0043], “a user opening a web-browser 199 and navigating to login.serviceprovider.com. A load balancer 198 responsible for handling such requests may select datacenter NA1 (North America #1) for handling the request based on geographic proximity to the user making the request or based on resource availability, or based on server load … an application server 196 at the NA1 datacenter looks up the username specified as described previously and determines that username is not at NA1 but rather, is at NA6 (e.g., North America #6) … a cross-instance call to the NA6 datacenter to perform authentication for the user making the request based on the specified username being associated with the NA6 datacenter. Subsequent to successful authentication of the login request by the NA6 datacenter” where a request including username and password from the web-browser 199 reaches the load balancer 198, which may initially select datacenter NA1 for handling the request based on geographic proximity and/or server load (load data), and then the application server 196 of the datacenter NA1 would route the request for performing authentication (verification of credentials) to NA6 data center (first data centre) via the cross-instance call if the username associated with the request is found at the NA6 datacenter among a plurality of datacenters (See FIG. 3).).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified Inaba ‘544 in view of Banerjee ‘267 with the cross-instance calls between different data centers for performing authentications of a user based on geographic proximity and/or server load as well as a specified user name as taught by Lee ‘070 because such a distributed authentication model would tolerate an outage incurred by a natural disaster or unexpected peak demand better than a centralized authentication model [0029][0030].
for verification as pre-authentication validation of credentials of the first data request prior to a subsequent authentication … controlling the node using the processor to perform the pre-authentication validation of the first data request using the stored verification credentials at the data repository of the memory; only upon verification of the first data request by the node, routing the first data request to another computer resource for the subsequent authentication using the repository switch; and ([0077], “the communities framework membership capabilities are mapped one-to-one to specific WebLogic® Server roles … These membership capabilities can be declared in a community config.xml file”; [0079], “every role defined in an editable file has a set of functional capabilities associated with it, which specify what a member in that role is allowed to do” [Emphasis added.]; FIG. 7, [0090], “the combined levels of security for the communities framework”; [0091], “In step 700, a member such as member_A requests to perform a specific task on some resource” [Emphasis added.]; [0092], “In step 702, the system can then determine what membership capability (role) member_A has been assigned to. For example, member_A may have been assigned to the role of Contributor.” [Emphasis added.]; [0093], “In step 704, the system can check which functional capabilities member_A's role is mapped to”; [0094], “In step 706, … determine whether security level one allows member_A access to the repository … Since member_A has been assigned to Contributor role and since the Contributor role is allowed to update resources in the repository, the system can allow member_A security access to the repository and proceed to step 710” [Emphasis added.]; [0095], “In step 710, security level two is entered. The system proceeds to the repository level and obtains the entitlements and visibility information for the requested resource … If the entitlement and visibility information also allow access, then member_A would be allowed to update the resource issue_A, as illustrated in step 716” [Emphasis added.] where a request to perform a specific task on some resource from a member is verified to be mapped into a role and specific functional capabilities based on a
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified Inaba ‘544 in view of Banerjee ‘267 and Lee ‘070 with the double layer security for a collaborative computing environment where the security level one is implemented via membership and functional capabilities and in response to a verification result of the security level one, the security level two is carried out via entitlements and visibility information as taught by McMullen ‘187 because it would provide efficiency, simplicity and performance since it can control access rights in a flexible way [0096].
Inaba ‘544 in view of Banerjee ‘267 and Lee ‘070 and McMullen ‘187 does not disclose but Leshinsky ‘926 discloses: the switch for routing the first data request to the node across a plurality of nodes ([Col. 23], ll. 51- [Col. 24], ll. 2, “Each database query request 515 … which may be sent to client-side driver 540 for subsequent routing to distributed storage system 530. In this example, client-side driver 540 … may send them to specific ones of the storage nodes 535 of specific protection groups” [Emphasis added.] where the client-side driver (switch) routes the database query request (data request) to the specific ones of the storage nodes (plurality of nodes).).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified Inaba ‘544 in view of Banerjee ‘267 and Lee ‘070 and McMullen ‘187 with the client-side driver (switch) for routing database query requests for the distributed storage system (plurality of nodes) as taught by Leshinsky ‘926 because it would reduce a .

Claim(s) 22 is/are rejected under 35 U.S.C. 103 as being unpatentable over Inaba ‘544 in view of Lee ‘070 and McMullen ‘187 and Leshinsky ‘926 as applied to claim 1 above, and further in view of Koeten et al., US-8813174-B1 (hereinafter “Koeten ‘174”; provided by IDS dated 08/14/2018).
Per claim 22 (dependent on claim 1):
Inaba ‘544 in view of Lee ‘070 and McMullen ‘187 and Leshinsky ‘926 discloses the elements detailed in the rejection of claim 1 above, incorporated herein by reference.
Inaba ‘544 in view of Lee ‘070 and McMullen ‘187 and Leshinsky ‘926 does not disclose but Koeten ‘174 discloses: The distributed memory data repository of claim 1, wherein the node is configured to maintain an audit record of data requests using activity records that indicate verified requests and unverified requests, wherein the node is configured to verify the first data request using the audit record (FIG. 1, [Col. 6], ll. 56-62, “gateway 134 need only handle traffic intended for private cloud services 132 and gateway 144 need only handle traffic intended for public cloud services 142. Similarly, security blade 155 need only handle traffic intended for its private cloud service 132 and security blade 157 need only handle traffic intended for its public cloud service 142” [Emphasis added.]; FIG. 6, [Col. 14], ll. 15-37, “At block 640, method 600 may make an access determination for the request based on one or more cloud service access policies. In one embodiment, security blade 400 determines whether the request is allowable based on the cloud services access policy 442 and any cloud service specific policies 443 … At block 650, method 600 logs the result of the access determination from block 640, along with the features of the received request if not already logged at block 630. In one embodiment, cloud service monitoring module 406 may store the results and the information about the request as cloud service monitoring data 444 in data store 440. At block 660, method 600 may share the logged monitoring data with a central server, such as intelligence center 120, with another security blade in a different cloud service, or with some other entity. In one embodiment, cloud service monitoring data 444 captured by security blade 400, may be combined with similar data collected by other security blades and made available to other services for consolidated analysis and/or compliance reporting” [Emphasis added.]
where the security blade (node) logs the result of the access determination (audit record), which can be shared with another security blade for the consolidated analysis and compliance reporting (verification).).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified Inaba ‘544 in view of Lee ‘070 and McMullen ‘187 and Leshinsky ‘926 with the logging and sharing of the access determination results as taught by Koeten ‘174 because it would be able to control and validate governance and compliance in a consistent and uniform fashion for a plurality of security blades in the cloud service by sharing the access determination results [Col. 1], ll. 18-48.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SANGSEOK PARK whose telephone number is (571)272-4332.  The examiner can normally be reached on Monday-Thursday 7:30-5:30 and Alternate Fridays 8:30-5:30.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jung Kim can be reached on (571) 272-3804.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.





/SANGSEOK PARK/Examiner, Art Unit 2494
/Kevin Bechtel/Primary Examiner, Art Unit 2491