DETAILED ACTION


Response to Arguments
Applicant's arguments are moot in view of the new grounds of rejection necessitated by applicant's amended claim scope.


Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claims 21-24, 26-31, 33-37,  and 40-44 are rejected under 35 U.S.C. 101 because 
the claimed invention is directed to an abstract idea without significantly more. The claim(s) recite(s) the abstract idea of a mental process.  For example limitations:
receiving a request containing a label that is a character string identifying an association between a service and endpoint identifier which is a computing device
determining that an access credential is required to access a service
transmitting the credential 
see  MPEP 2106.04, particularly MPEP 2106.04(a)(2) III MENTAL PROCESSES

This judicial exception is not integrated into a practical application because:
firstly, there is no clear practical application recited in the claims
secondly, the limitations in addition to those pointed out as being the abstract idea of a mental process amount to insignificant extra-solution activity which are known in the art including data gathering and selecting a particular data source see MPEP 2106.05(g)


The claim(s) does/do not include additional elements that are sufficient to amount to significantly more than the judicial exception because the claim includes only includes well-understood, routine, conventional computer functions  in addition to the cited abstract idea and does not recite an inventive concept.  see  MPAP 2106.05(d)
	For example the courts have recognized the following computer functions as well understood, 
routine an conventional.
receiving or transmitting data over a network, e.g., using the Internet to gather data, Symantec, 838 F.3d at 1321, 120 USPQ2d at 1362 (utilizing an intermediary computer to forward information); TLI Communications LLC v. AV Auto. LLC, 823 F.3d 607, 610, 118 USPQ2d 1744, 1745 (Fed. Cir. 2016) (using a telephone for image transmission); OIP Techs., Inc., v. Amazon.com, Inc., 788 F.3d 1359, 1363, 115 USPQ2d 1090, 1093 (Fed. Cir. 2015) (sending messages over a network); buySAFE, Inc. v. Google, Inc., 765 F.3d 1350, 1355, 112 USPQ2d 1093, 1096 (Fed. Cir. 2014) (computer receives and sends information over a network); but see DDR Holdings, LLC v. Hotels.com, L.P., 773 F.3d 1245, 1258, 113 USPQ2d 1097, 1106 (Fed. Cir. 2014) ("Unlike the claims in Ultramercial, the claims at issue here specify how interactions with the Internet are manipulated to yield a desired result‐‐a result that overrides the routine and conventional sequence of events ordinarily triggered by the click of a hyperlink." (emphasis added));

storing and retrieving information in memory, Versata Dev. Group, Inc. v. SAP Am., Inc., 793 F.3d 1306, 1334, 115 USPQ2d 1681, 1701 (Fed. Cir. 2015); OIP Techs., 788 F.3d at 1363, 115 USPQ2d at 1092-93;

MPEP section 2106.05 I is titled THE SEARCH FOR AN INVENTIVE CONCEPT; here, the MPEP make clear that patentability does not rest on novelty or non-obviousness alone, but that there must be an inventive concept.  

Section A provides six examples of what may constitute an inventive concept; applicants claims do not include limitation corresponding to any of the items i-vi.  

Section  A also provides 4 examples of what may not constitute an inventive concept; similarly applicant's claims  do not include limitations that amount to enough to qualify as significantly more than the abstract idea itself because the limitations in addition to the abstract ideas amount to insignificant extra-solution activity, a general linking the use of the judicial exception to a particular technological environment or field of use, and well-understood, routine, conventional activities previously known to the industry, specified at a high level of generality, to the judicial exception. 

Claims 22-24, 26-27, 29-31, 33-34, 36-37,  and 40-44 are rejected because they each depend on a base claim that has been rejected under 101.
 


Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

The following is a quotation of pre-AIA  35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action:
(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under pre-AIA  35 U.S.C. 103(a) are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

This application currently names joint inventors. In considering patentability of the claims under pre-AIA  35 U.S.C. 103(a), the examiner presumes that the subject matter of the various claims was commonly owned at the time any inventions covered therein were made absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and invention dates of each claim that was not commonly owned at the time a later invention was made in order for the examiner to consider the applicability of pre-AIA  35 U.S.C. 103(c) and potential pre-AIA  35 U.S.C. 102(e), (f) or (g) prior art under pre-AIA  35 U.S.C. 103(a).


Claims  21-23, 28-30, 35-37 and 41-44 are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Child et al (US 2018/0026964 hereinafter Child)  in view of Smith (US 2009/0217048 hereinafter Smith)
in further view of Hildebrand (US 7627527 hereinafter Hildebrand) 
in further view of web.archive.org/web/20160502222312/https://www.w3schools.com/sql/sql_where.asp (an archive of    https://www.w3schools.com/sql/sql_where.asp   archived on May 2 , 2016 hereinafter nplWhereClause)
in further view of  Hong et al (US 2016/0294933 hereinafter Hong)
As to claim 21,   
Child discloses a system comprising: 
a processor;  Fig 3 302 a memory Fig 3 306 storing instructions  [0046] instructions
that, when executed by the processor,  Fig 3 302
cause the processor to perform operations   [0008] instructions executable for a processor
receiving a request  
Fig 2 230 redirect of Fig 2 225 redirect
in view of [0032] http://login.server.com/login?app=myapp.com/login

from  Fig 2 redirect 230 is a response to redirect 225 from server 100 
          in other words, the server sends message of Fig 2  225 to itself 
          using redirect 230. see  [0032] 106, part of 100, sends …a 
      redirect to the server
a server,  Fig 1 and  2  100 server 
containing  [0032] the redirect might be to a URL 
http://login.server.com/login?app=myapp.com/login
a label
[0032] 'myapp' corresponding to  [0022] 'MyApp'
in view of   [0032] The sending 225 of the redirect includes 
     an identifier of the requested third-party       
     app
				and an indication [0032]  app=myapp.com
of an application service, 
Fig 1 110 
in view of  [0018] different third party applications 110
in further view of [0022] a hypothetical application, 'MyApp'
wherein the label 
[0032] 'myapp' corresponding to  [0022] 'MyApp'
  in view of   [0032] The sending 225 of the redirect includes 
     an identifier of the requested third-party   
     app
is a character string  [0032] URL
*wherein it is understood by those of ordinary skill in the art 
that a URL is comprised by a plurality of alpha-numeric     
characters which corresponds to the claimed 'character  
string'
that identifies 
[0032] The sending 225 of the redirect includes an 
 					             identifier of the requested third-party app
[[an]] a first association between
'myapp' (i.e. the claimed label) found in [0032]  the parameter, 'app=myapp.com/login' indicates the application(i.e. the claimed application service) to which user 121 wishes to login is at URL myapp.com/login (i.e. the claimed endpoint)
the application service 
Fig 1 110 
in view of  [0018] different third party applications 110
in further view of [0022] a hypothetical application, 'MyApp'
and [[an]] a first endpoint identifier 
[0025] original requested URL http://myapp.com/login
in view of http://login.server.com/login?app=myapp.com/login

first endpoint identifier 
[0025] original requested URL http://myapp.com/login
identifies [0025] 'app' is set to the domain name (i.e. the address of hosting 
server of 110 which is the claimed endpoint identifier) and path of the requested login page URL 
a first computing device 
[0018] third party applications are typically hosted on  servers located 
at a remote location in view of Fig 1
disposed within a managed network; Fig 1 140

storing, 
[0022] the application login database 102 specifies, for each supported 
third party application, a URL at which the application expects 
login….i.e. URL myapp.com/login
					*storing the URL includes storing the claimed association, 'myapp'
in a configuration management database (CMDB),  Fig 1 101 and 102
the association between
'myapp' (i.e. the claimed label) found in [0032]  the parameter, 'app=myapp.com/login' indicates the application(i.e. the claimed application service) to which user 121 wishes to login is at URL myapp.com/login (i.e. the claimed endpoint)
the application service 
Fig 1 110 in view of  [0018] different third party applications 110
in further view of [0022] a hypothetical application, 'MyApp'
and the first endpoint identifier; 
[0025] original requested URL http://myapp.com/login
in view of [0022 ] URL myapp.com/login
 
determining Fig 2 220  user not logged in ?
that an access credential [0020] credentials
is required [0075] may require multi-factor authentication
to access the application service 
Fig 1 110 in view of  [0018] different third party applications 110
in further view of [0022] a hypothetical application, 'MyApp'
executing on the first computing device; 
[0018] third party applications are typically hosted on  servers located 
at a remote location in view of Fig 1

retrieving [0039] service 106 looks up the user credentials from database 102
the access credential [0020] credentials
[[and the first endpoint identifier]] 
from the CMDB  Fig 1 101 and 102
[[based on the label 


and transmitting  
Fig 2 225 
in other words, the server sends message of Fig 2 225 to itself using 
redirect 230. see  [0032] 106, part of 100, sends …a redirect 
to the server

in view of  [0032] the redirect includes an identifier of the requested 
third party application.  For example the redirect might be to the URL http://login.server.com/login?app=myapp.com/login
	*redirect 225 results in redirect 230 thereby arriving at the  claimed 
   message from the server to the server

the first endpoint identifier 
[0025] original requested URL http://myapp.com/login
in view of [0022 ] URL myapp.com/login
[[and the access credential]] 
to the server, Fig 1 and  2 100 server

wherein the first endpoint identifier 
[0025] original requested URL http://myapp.com/login
in view of [0022 ] URL myapp.com/login
is associated 
[0022] database 102 specifies a URL at which the application expects 
login and identifiers of the fields in which the user's login credentials are to be supplied
in view of [0025] original requested URL http://myapp.com/login
with the access credential [0022] user's login credentials
used to access [0022] the application expects login
the application service 
Fig 1 110 in view of  [0018] different third party applications 110
in further view of [0022] a hypothetical application, 'MyApp'
executing on the first computing device, 
[0018] third party applications are typically hosted on  servers located 
at a remote location in view of Fig 1

and wherein reception 
[0033] receipt of the request embodied by  the URL of redirect 230 
in view of Fig 2 230 redirect of redirect 225
of the first endpoint identifier 
[0025] original requested URL http://myapp.com/login
in view of [0022 ] URL myapp.com/login

causes Fig 2 230 redirect results in Fig 2 265
the server Fig 1 and  2 100 server
to remotely [0018] application 110 hosted at a remote location in view of Fig 1
access Fig 2 265
the application service 
Fig 1 110 in view of  [0018] different third party applications 110
in further view of [0022] a hypothetical application, 'MyApp'
executing on the first computing device
[0018] third party applications are typically hosted on  servers located 
at a remote location in view of Fig 1
				using [0039] provides those login credentials to the third party application					the access credential [0022] user's login credentials

In addition:
Child teaches
	by user 121, transmitting access credentials to the server  Fig 2 240
	by the server 106/100, transmitting a token to the server Fig 2 250 redirect / 255 redirect


However, Child is silent with respect to if 
the token of  Fig 2 250 redirect / 255 redirect includes the credentials of Fig 2 240
see also [0034] – [0039] corresponding to  Fig 2 235-265 

	Smith teaches
[0011] a token may contain credentials

	therefore
		Child as modified by Smith teaches
transmitting  (by the server ) the access credential to the server,


	because 
Before the effective filing date, it would have been obvious to a person having ordinary skill in the art to combine Child with Smith as elements known in the prior art combined to yield predictable results.
	For example, Child teaches
Fig 2 240 user provided credentials to server
Fig 2 245 server generates token and sends token to itself via redirects 
250 and 255 
which corresponds to the transmitting credentials to the server 
limitation
					Fig 260-265 the server verifies the token and uses the token to login to 
       the application using a headless browser
					[0037] login service 106 (i.e. of the server 100) obtains the token and 
verifies in Fig 2 260 that the user has authorization to use the 
remote login service

However, Child is silent regarding the details of how the token is verified in Fig 2 260 / [0037].
Smith provides a teaching that cures Child's deficiency.  Smith teaches that a token may contain user credentials.  As such, incorporating Smith's token into Child's invention amounts to the token of Fig 2 255 including the credentials entered by the user in Fig 2 240 (i.e. via the creation step of Fig 2 245) whereby the validation of Fig 2 260  may be implemented using the database lookup described by Child in [0039] wherein service 106 looks up the user's login credentials in database 101 (as part of Fig 2 step 265) whereby  the token verification of Fig 2 260 may be implemented by comparing the credentials of the token with the credentials looked up in the database.    

Neither Child nor Smith discloses
retrieving the access credential and the endpoint identifier from the CMDB

	Hildebrand teaches
retrieving the access credential   C14 1-13 password
and the endpoint identifier C14 1-13 the MyBank URL
from the CMDB  C14 1-13 from the remote database

Before the effective filing date, it would have been obvious to a person having ordinary skill in the art to combine the teachings of Child and Smith with those of  Hildebrand as elements known in the prior art combined to yield predictable results.  For example, Child is directed toward the use of a remote login service 106 using URL redirects to perform logins of clients to remote services.  Further, Child teaches in [0021] a database for relating organizations with users with third party applications for managing access to the third party applications from the users wherein  in [0039] server 100 retrieves credentials from database 102 in order to provide user 121 access to application 110 via headless browser at Fig 2 265.  Moreover, in [0022] Child discloses that database 102 specifies for each supported third-party application, a URL at which the application expects login which corresponds to Fig 2 265.  Child suggests that the URL (i.e. claimed endpoint identifier) may be retrieved from the database because  it stands to reason, that the URLs would be only be stored in database 102 (see  [0022])  for subsequent retrieval.  And, in [0039] with respect to Fig 2 265, Child discloses that login service 106 accesses database 102 to determine the login format expected.  It is here, that the teaching of Hildebrand C14 1-13 (i.e. retrieving access credentials and an endpoint identifier from a database) may be combined with Child to form an embodiment that arrives at the claimed invention as suggested by Child in [0022], [0039], and Fig 2 265 whereby when Child performs the database lookup disclosed in [0039] that the login URL, which by the way is needed for login at Fig 2 step 265, may be returned along with the credentials to thereby arrive at the claimed invention.

 Neither Child, Smith nor Hildebrand teaches
retrieving the access credential and the endpoint identifier from the CMDB based on the label 

nplWhereClause  teaches
	pages 1-4: the SQL WHERE clause is used to filter records.  The SQL WHERE clause syntax being:
SELECT column_name, column_name  (or * for all columns)FROM table_nameWHERE column_name, operator, value; 

		wherein  'value' may be a text or numeric value

		For example:
			SELECT * FROM Customers WHERE Country='Mexico'; 
		returns records 2 and 3 from the Demo Database
therefore
	Child as modified by Smith and Hildebrand  as further modified by nplWhereClause  teaches
retrieving the access credential and the endpoint identifier from the CMDB based on the label 
because 
Before the effective filing date, it would have been obvious to a person having ordinary skill in the art to combine the teachings of Child Smith and Hildebrand with those of  nplWhereClause as elements known in the prior art combined to yield predictable results.  For example, Child teaches in [0021] a database for relating organizations with users with third party applications for managing access to the third party applications from the users.  Moreover, in [0022] Child discloses that database 102 specifies for each supported third-party application, a URL at which the application expects login.  And in [0039] Child discloses that service 106 looks up the third party application 110 in the application login database 102.

Those of ordinary skill in the art understand that one of the most common implementations of a database lookup is an SQL Select statement including a WHERE clause such as taught by nplWhereClause.  And that to 'look up the third party application 110 in the application login database 102' (as disclosed by  may be implemented using an SQL Select statement including a WHERE clause  in combination with the database and identifier scheme described by Child.  For example, such as:

SELECT * FROM Applications WHERE my_app ='myapp'

*in the above example 'Applications' is a hypothetical name of a table in the Demo Database, and 'my_app' is a hypothetical column in the Applications table.

In other words, Child[0021] teaches a database including identifiers of the third-party applications.  Those of ordinary skill in the art would therefore understand that to implement the [0032] application lookup, the teachings of nplWhereClause could be used to construct a table reflecting the relationships laid out by Child in [0021] including columns for at least the claimed access credentials, the claimed endpoint identifiers, and the claimed third-party applications similar to the table shown in nplWhereClause as the Demo Database.  

And the claimed 'label', disclosed by Child as [0032] 'myapp', could likewise be used as an identifier for identifying the third party app in the database because 'myapp' is already being used as the value of  the 'app' parameters in the login URL and would therefore be an obvious choice to those of ordinary skill in the art, as an identifier of the third party app to populate the values of the my_app column in the constructed table.  And therefore hence used in a subsequent SQL WHERE clause to retrieved the access credential and endpoint identifier based on the label to arrive at the claimed invention by providing a concrete embodiment to the disclosure of Child [0021] and in particular [0032] wherein the database is accessed to create an application specific login format for the implementation of Fig 2 265 headless login.

In summary, Child discloses a database structure in [0021] supportive of the claimed embodiment.  Child also discloses the claimed database access but is silent with respect to the details of the database access statements.  The teachings of nplWhereClause which include details of how to access data in a database table may provide a cure for Child's deficiency, in that those of ordinary skill in the art would find the claimed label, i.e. 'myapp' as an obvious identifier to use in Child's database to embody the [0039] third party application 'lookup' because 'myapp' is already being used to identify the application in the login URL as such, thereby  arriving at the claimed invention in view of  the WHERE clause and table structure taught by nplWhereClause.

Neither Child, Smith, Hildebrand nor  nplWhereClause teaches
the label is a character string that identifies 
a first association between the application service and a first endpoint indenter and 
a second association between the application service and a second endpoint identifier

	the first endpoint identifier associated with a first computing instance

 
and wherein  the second endpoint identifier identifies a second computing device disposed within the managed network   
the second endpoint identifier associated with a second computing instance

Hong teaches
the label [0048]  URL parameters  in view of  [0048] identifies the type of content
is a character string [0048] name of the type e.g.  .mov, .img, .jpg
that identifies 
a first association between 
[0029] different content servers sets can also be different based on the type of operation 
they perform  in view of [0031] HTML servers 125
the application service [0029] process requests
and a first endpoint identifier [0029] first set of content servers

and a second association between 
[0029] different content servers sets can also be different based on the type of operation 
they perform in view of [0031] image servers 130
the application service [0029] process requests
and a second endpoint identifier [0029] second set of content servers

	the first endpoint identifier [0029] first set of content servers
associated with a first computing instance [0059] VMs of the host
 
and wherein  the second endpoint identifier [0029] second set of content servers
identifies a second computing device Fig 1 125 a- b  vs  130 a-b
disposed within the managed network   Fig 1 showing HTTP messaging

the second endpoint identifier [0029] second set of content servers
associated with a second computing instance [0059] other VMs on other host


Before the effective filing date, it would have been obvious to a person having ordinary skill in the art to combine the teachings of Child, Smith, Hildebrand, and  nplWhereClause with those of Hong  as elements known in the prior art combined to yield predictable results.  For example Child teaches redirect messages 225 and 230 in Fig 2. Hong is directed to the use of redirect messages.  For example, in [0001] Hong teaches that content switches can also be used to redirect requests to different server pools on the basis of various requests attributes.  Moreover, Hong teaches that the different server pools may be selected via the use of URL parameters see [0048] not unlike Child [0032] wherein a URL parameter is used as part of the redirect process.  As such, Hong merely extends the teachings of Child by extending the use of  URL parameters for redirecting user URL based requests to an appropriate endpoint  selected by the URL parameter to thusly arrive at the claimed invention.

As to claim 22,   
Child discloses the endpoint identifier is a uniform resource locator.
[0025] original requested URL http://myapp.com/login
in view of [0022 ] URL myapp.com/login

As to claim 23,   
Child discloses 
wherein the CMDB   Fig 1 101 and 102
[[is a single database table that ]]
stores 
[0022] the application login database 102 specifies, for each supported 
third party application, a URL at which the application expects 
login….i.e. URL myapp.com/login
					*storing the URL includes storing the claimed association, 'myapp'
the association between
'myapp' (i.e. the claimed label) found in [0032]  the parameter, 'app=myapp.com/login' indicates the application(i.e. the claimed application service) to which user 121 wishes to login is at URL myapp.com/login (i.e. the claimed endpoint)
the endpoint identifier, 
[0025] original requested URL http://myapp.com/login
in view of http://login.server.com/login?app=myapp.com/login
the label, 
[0032] 'myapp' corresponding to  [0022] 'MyApp'
  in view of   [0032] The sending 225 of the redirect includes an 
   identifier of the requested third-party app
and the application service. 
Fig 1 110 in view of  [0018] different third party applications 110
in further view of [0022] a hypothetical application, 'MyApp'

Neither Child, Smith nor Hildebrand teaches
the CMDB is a single database table that stores the association between the endpoint identifier, the label and the application service.

nplWhereClause  teaches
	pages 2-3: a Demo Database including a single table relating CustomerName, ContactName, Address, 
City, and Postal Code
and therefore broadly teaches that multiple information may be related together in a single database table.
therefore
Child as modified by Smith and Hildebrand  as further modified by nplWhereClause  teaches
the CMDB is a single database table that stores the association between the endpoint identifier, the label and the application service.

because
Before the effective filing date, it would have been obvious to a person having ordinary skill in the art to combine the teachings of Child Smith and Hildebrand with those of  nplWhereClause as elements known in the prior art combined to yield predictable results.  

For example, Child teaches in [0021] a database for relating organizations with users with third party applications for managing access to the third party applications from the users.  However, Child is silent regarding an actual database schema for the [0021] database.  The teaching of nplWhereClause including broadly teaching that multiple information may be related together in a single database table cures Child's deficiency in that Child may incorporate the teaching of nplWhereClause to arrange a table similar to the one taught by nplWhereClause to store the association between the endpoint identifier, the label, and the application server to arrive at the claimed invention.
Claim 28 is rejected on the basis previously presented in the rejection of claim 21.
Claim 29 is rejected on the basis previously presented in the rejection of claim 22.
Claim 30 is rejected on the basis previously presented in the rejection of claim 23.

As to claim 35,   
Child discloses 
a non-transitory computer readable medium,  Fig 3 306
having stored thereon program instructions,  [0046] instructions
that upon execution by a first server  Fig 1 100 server
that is disposed within a remote network management platform [0014] computing environment 
that remotely manages [0014]-[0015] server provides services that support the organization 
e.g. SSO,  authentication
a managed network  Fig 1 140, 120, 110, and 100
cause the first server to perform operations comprising: 

a processor;  Fig 3 302 a memory Fig 3 306 storing instructions  [0046] instructions
that, when executed by the processor,  Fig 3 302
cause the processor to perform operations   [0008] instructions executable for a processor
[[ from a second server]]
receiving a request  
Fig 2 230 redirect of Fig 2 225 redirect
in view of [0032] http://login.server.com/login?app=myapp.com/login

from  Fig 2 redirect 230 is a response to redirect 225 from server 100 
          in other words, the server sends message of Fig 2  225 to itself 
          using redirect 230. see  [0032] 106, part of 100, sends …a 
      redirect to the server
a server,  Fig 1 and  2  100 server 
containing  [0032] the redirect might be to a URL 
http://login.server.com/login?app=myapp.com/login
a label
[0032] 'myapp' corresponding to  [0022] 'MyApp'
  in view of   [0032] The sending 225 of the redirect includes an 
   identifier of the requested third-party app
				and an indication [0032]  app=myapp.com
of an application service, 
Fig 1 110 in view of  [0018] different third party applications 110
in further view of [0022] a hypothetical application, 'MyApp'
wherein the label 
[0032] 'myapp' corresponding to  [0022] 'MyApp'
  in view of   [0032] The sending 225 of the redirect includes an 
   identifier of the requested third-party app
is a character string  [0032] URL
*wherein it is understood by those of ordinary skill in the art that a 
URL is comprised by a plurality of alpha-numeric characters which corresponds to the claimed 'character string'
that identifies 
[0032] The sending 225 of the redirect includes an 
 					             identifier of the requested third-party app
an association between
'myapp' (i.e. the claimed label) found in [0032]  the parameter, 'app=myapp.com/login' indicates the application(i.e. the claimed application service) to which user 121 wishes to login is at URL myapp.com/login (i.e. the claimed endpoint)
the application service 
Fig 1 110 in view of  [0018] different third party applications 110
in further view of [0022] a hypothetical application, 'MyApp'
and an endpoint identifier 
[0025] original requested URL http://myapp.com/login
in view of http://login.server.com/login?app=myapp.com/login
wherein the endpoint identifier 
[0025] original requested URL http://myapp.com/login
identifies [0025] 'app' is set to the domain name (i.e. the address of hosting 
server of 110 which is the claimed endpoint identifier) and path of the requested login page URL 
a computing device 
[0018] third party applications are typically hosted on  servers located 
at a remote location in view of Fig 1
disposed within a managed network; Fig 1 140

storing, 
[0022] the application login database 102 specifies, for each supported 
third party application, a URL at which the application expects 
login….i.e. URL myapp.com/login
					*storing the URL includes storing the claimed association, 'myapp'
in a configuration management database (CMDB),  Fig 1 101 and 102
the association between
'myapp' (i.e. the claimed label) found in [0032]  the parameter, 'app=myapp.com/login' indicates the application(i.e. the claimed application service) to which user 121 wishes to login is at URL myapp.com/login (i.e. the claimed endpoint)
the application service 
Fig 1 110 in view of  [0018] different third party applications 110
in further view of [0022] a hypothetical application, 'MyApp'
and the endpoint identifier; 
[0025] original requested URL http://myapp.com/login
in view of [0022 ] URL myapp.com/login
 
determining Fig 2 220  user not logged in ?
that an access credential [0020] credentials
is required [0075] may require multi-factor authentication
to access the application service 
Fig 1 110 in view of  [0018] different third party applications 110
in further view of [0022] a hypothetical application, 'MyApp'
executing on the computing device; 
[0018] third party applications are typically hosted on  servers located 
at a remote location in view of Fig 1

retrieving [0039] service 106 looks up the user credentials from database 102
the access credential [0020] credentials
[[and the endpoint identifier]] 
from the CMDB Fig 1 101 and 102
[[based on the label 

and transmitting  
Fig 2 225 
in other words, the server sends message of Fig 2 225 to itself using 
redirect 230. see  [0032] 106, part of 100, sends …a redirect 
to the server

in view of  [0032] the redirect includes an identifier of the requested 
http://login.server.com/login?app=myapp.com/login
	*redirect 225 results in redirect 230 thereby arriving at the  claimed 
   message from the server to the server
the endpoint identifier 
[0025] original requested URL http://myapp.com/login
in view of [0022 ] URL myapp.com/login
[[and the access credential]] 
to the [[second]]server, Fig 1 and  2 100 server

wherein the endpoint identifier 
[0025] original requested URL http://myapp.com/login
in view of [0022 ] URL myapp.com/login
is associated 
[0022] database 102 specifies a URL at which the application expects 
login and identifiers of the fields in which the user's login credentials are to be supplied
in view of [0025] original requested URL http://myapp.com/login
with the access credential [0022] user's login credentials
used to access [0022] the application expects login
the application service 
Fig 1 110 in view of  [0018] different third party applications 110
in further view of [0022] a hypothetical application, 'MyApp'
executing on the computing device, 
[0018] third party applications are typically hosted on  servers located 
at a remote location in view of Fig 1

and wherein reception 
[0033] receipt of the request embodied by  the URL of redirect 230 
in view of Fig 2 230 redirect of redirect 225
of the endpoint identifier 
[0025] original requested URL http://myapp.com/login
in view of [0022 ] URL myapp.com/login
causes Fig 2 230 redirect results in Fig 2 265
the [[second]] server Fig 1 and  2 100 server
to remotely [0018] application 110 hosted at a remote location in view of Fig 1
access Fig 2 265
the application service 
Fig 1 110 in view of  [0018] different third party applications 110
in further view of [0022] a hypothetical application, 'MyApp'
executing on the computing device
[0018] third party applications are typically hosted on  servers located 
at a remote location in view of Fig 1
				using [0039] provides those login credentials to the third party application					the access credential [0022] user's login credentials

Child also teaches in [0017],
server 100, although depicted as a single logical system in Fig 1, may be implemented using a number of distinct physical systems and connections therebetween such as application servers, database servers, load-balancing servers, and the like.  

As such, before the effective filing date, it would have been obvious to a person having ordinary skill in the art, as suggested by Child [0017] and because those of ordinary skill in the art understand that functionality is commonly partitioned and distributed amongst multiple servers for various reasons associated with performance, scale, and the like such that server 100 may comprise the claimed 1st server and a 2nd server with the suggested connections therebetween to render obvious, without departing from the teachings of Child,  the limitations of:
receiving a request from a second server
transmitting the endpoint identifier to the second server
causing the second  server to remotely  access  the application service 	


Child also teaches
	by user 121, transmitting access credentials to the server  Fig 2 240
	by the server 106/100, transmitting a token to the server Fig 2 250 redirect / 255 redirect

However, Child is silent with respect to if 
the token of  Fig 2 250 redirect / 255 redirect includes the credentials of Fig 2 240
see also [0034] – [0039] corresponding to  Fig 2 235-265 

	Smith teaches
[0011] a token may contain credentials

	therefore
		Child as modified by Smith teaches
transmitting  (by the first server ) the access credential to the second server,

	because 
Before the effective filing date, it would have been obvious to a person having ordinary skill in the art to combine Child with Smith as elements known in the prior art combined to yield predictable results.
	For example, Child teaches
Fig 2 240 user provided credentials to server
Fig 2 245 server generates token and sends token to itself via redirects 
250 and 255 
which corresponds to the transmitting credentials to the server 
limitation
					Fig 260-265 the server verifies the token and uses the token to login to 
       the application using a headless browser
					[0037] login service 106 (i.e. of the server 100) obtains the token and 
verifies in Fig 2 260 that the user has authorization to use the 
remote login service

However, Child is silent regarding the details of how the token is verified in Fig 2 260 / [0037].
Smith provides a teaching that cures Child's deficiency.  Smith teaches that a token may contain user credentials.  As such, incorporating Smith's token into Child's invention amounts to the token of Fig 2 255 including the credentials entered by the user in Fig 2 240 (i.e. via the creation step of Fig 2 245) whereby the validation of Fig 2 260  may be implemented using the database lookup described by Child in [0039] wherein service 106 looks up the user's login credentials in database 101 (as part of Fig 2 step 265) whereby  the token verification of Fig 2 260 may be implemented by comparing the credentials of the token with the credentials looked up in the database.    

Neither Child nor Smith discloses
retrieving the access credential and the endpoint identifier from the CMDB
	
Hildebrand teaches
retrieving the access credential   C14 1-13 password
and the endpoint identifier C14 1-13 the MyBank URL
from the CMDB  C14 1-13 from the remote database

Before the effective filing date, it would have been obvious to a person having ordinary skill in the art to combine the teachings of Child and Smith with those of  Hildebrand as elements known in the prior art combined to yield predictable results.  For example, Child is directed toward the use of a remote login service 106 using URL redirects to perform logins of clients to remote services.  Further, Child teaches in [0021] a database for relating organizations with users with third party applications for managing access to the third party applications from the users wherein  in [0039] server 100 retrieves credentials from database 102 in order to provide user 121 access to application 110 via headless browser at Fig 2 265.  Moreover, in [0022] Child discloses that database 102 specifies for each supported third-party application, a URL at which the application expects login which corresponds to Fig 2 265.  Child suggests that the URL (i.e. claimed endpoint identifier) may be retrieved from the database because  it stands to reason, that the URLs would be only be stored in database 102 (see  [0022])  for subsequent retrieval.  And, in [0039] with respect to Fig 2 265, Child discloses that login service 106 accesses database 102 to determine the login format expected.  It is here, that the teaching of Hildebrand C14 1-13 (i.e. retrieving access credentials and an endpoint identifier from a database) may be combined with Child to form an embodiment that arrives at the claimed invention as suggested by Child in [0022], [0039], and Fig 2 265 whereby when Child performs the database lookup disclosed in [0039] that the login URL, which by the way is needed for login at Fig 2 step 265, may be returned along with the credentials to thereby arrive at the claimed invention.

 Neither Child, Smith nor Hildebrand teaches
retrieving the access credential and the endpoint identifier from the CMDB based on the label 

nplWhereClause  teaches
	pages 1-4: the SQL WHERE clause is used to filter records.  The SQL WHERE clause syntax being:
SELECT column_name, column_name  (or * for all columns)FROM table_nameWHERE column_name, operator, value; 

		wherein  'value' may be a text or numeric value

		For example:
			SELECT * FROM Customers WHERE Country='Mexico'; 
		would return records 2 and 3 from the Demo Database







therefore
	Child as modified by Smith and Hildebrand  as further modified by nplWhereClause  teaches
retrieving the access credential and the endpoint identifier from the CMDB based on the label 
because 
Before the effective filing date, it would have been obvious to a person having ordinary skill in the art to combine the teachings of Child Smith and Hildebrand with those of  nplWhereClause as elements known in the prior art combined to yield predictable results.  For example, Child teaches in [0021] a database for relating organizations with users with third party applications for managing access to the third party applications from the users.  Moreover, in [0022] Child discloses that database 102 specifies for each supported third-party application, a URL at which the application expects login.  And in [0039] Child discloses that service 106 looks up the third party application 110 in the application login database 102.

Those of ordinary skill in the art understand that one of the most common implementations of a database lookup is an SQL Select statement including a WHERE clause such as taught by nplWhereClause.  And that to 'look up the third party application 110 in the application login database 102' may be implemented using an SQL Select statement including a WHERE clause  in combination with the database and identifier scheme described by Child as such:

SELECT * FROM Applications WHERE my_app ='myapp'

*in the above example 'Applications' is a hypothetical name of a table in the Demo Database, and 'my_app' is a hypothetical column in the Applications table.

In other words, Child[0021] teaches a database including identifiers of the third-party applications.  Those of ordinary skill in the art would therefore understand that to implement the [0032] application lookup, the teachings of nplWhereClause could be used to construct a table reflecting the relationships laid out by Child in [0021] including columns for at least the claimed access credentials, the claimed endpoint identifiers, and the claimed third-party applications similar to the table shown in nplWhereClause as the Demo Database.  

And the claimed 'label', disclosed by Child as [0032] 'myapp', could likewise be used as an identifier for identifying the third party app in the database because 'myapp' is already being used as the value of  the 'app' parameters in the login URL and would therefore be an obvious choice to those of ordinary skill in the art, as an identifier of the third party app to populate the values of the my_app column in the constructed table.  And therefore hence used in a subsequent SQL WHERE clause to retrieved the access credential and endpoint identifier based on the label to arrive at the claimed invention by providing a concrete embodiment to the disclosure of Child [0021] and in particular [0032] wherein the database is accessed to create an application specific login format for the implementation of Fig 2 265 headless login.

In summary, Child discloses a database structure in [0021] supportive of the claimed embodiment.  Child also discloses the claimed database access but is silent with respect to the details of the database access statements.  The teachings of nplWhereClause which include details of how to access data in a database table may provide a cure for Child's deficiency, in that those of ordinary skill in the art would find the claimed label, i.e. 'myapp' as an obvious identifier to use in Child's database to embody the [0039] third party application 'lookup' because 'myapp' is already being used to identify the application in the login URL as such, thereby  arriving at the claimed invention in view of  the WHERE clause and table structure taught by nplWhereClause.









Neither Child, Smith, Hildebrand nor  nplWhereClause teaches
the label is a character string that identifies 
a first association between the application service and a first endpoint indenter and 
a second association between the application service and a second endpoint identifier

	the first endpoint identifier associated with a first computing instance

 
and wherein  the second endpoint identifier identifies a second computing device disposed within the managed network   
the second endpoint identifier associated with a second computing instance

Hong teaches
the label [0048]  URL parameters  in view of  [0048] identifies the type of content
is a character string [0048] name of the type e.g.  .mov, .img, .jpg
that identifies 
a first association between 
[0029] different content servers sets can also be different based on the type of operation 
they perform  in view of [0031] HTML servers 125
the application service [0029] process requests
and a first endpoint identifier [0029] first set of content servers

and a second association between 
[0029] different content servers sets can also be different based on the type of operation 
they perform in view of [0031] image servers 130
the application service [0029] process requests
and a second endpoint identifier [0029] second set of content servers

	the first endpoint identifier [0029] first set of content servers
associated with a first computing instance [0059] VMs of the host
 
and wherein  the second endpoint identifier [0029] second set of content servers
identifies a second computing device Fig 1 125 a- b  vs  130 a-b
disposed within the managed network   Fig 1 showing HTTP messaging

the second endpoint identifier [0029] second set of content servers
associated with a second computing instance [0059] other VMs on other host

Before the effective filing date, it would have been obvious to a person having ordinary skill in the art to combine the teachings of Child, Smith, Hildebrand, and  nplWhereClause with those of Hong  as elements known in the prior art combined to yield predictable results.  For example Child teaches redirect messages 225 and 230 in Fig 2. Hong is directed to the use of redirect messages.  For example, in [0001] Hong teaches that content switches can also be used to redirect requests to different server pools on the basis of various requests attributes.  Moreover, Hong teaches that the different server pools may be selected via the use of URL parameters see [0048] not unlike Child [0032] wherein a URL parameter is used as part of the redirect process.  As such, Hong merely extends the teachings of Child by extending the use of  URL parameters for redirecting user URL based requests to an appropriate endpoint  selected by the URL parameter to thusly arrive at the claimed invention.

Claim 36 is rejected on the basis previously presented in the rejection of claim 22.
Claim 37 is rejected on the basis previously presented in the rejection of claim 23.


As to claim 41,   
Child discloses 
wherein the label 
[0032] 'myapp' corresponding to  [0022] 'MyApp'
in view of   [0032] The sending 225 of the redirect includes an identifier of the requested 
third-party app
is configured to hide data  [0025]  instead of making HTTP requests for those URLs, making an 
HTTP request for substitute URL that specify a remote login 
service 106
required to access [0032] with the purpose of having the server 100 obtain information
the application service 
Fig 1 110 
in view of  [0018] different third party applications 110
in further view of [0022] a hypothetical application, 'MyApp'
from a requesting client. [0032] client

As to claim 42,   
Child discloses 
wherein the label 
[0032] 'myapp' corresponding to  [0022] 'MyApp'
in view of   [0032] The sending 225 of the redirect includes an identifier of the requested 
third-party app
excludes information available  [0025]  instead of making HTTP requests for those URLs, making 
an HTTP request for substitute URL that specify a remote login service 106
		to the first computing device
[0018] third party applications are typically hosted on  servers located 
at a remote location in view of Fig 1
		
		and cannot be directly used to access the first computing device  [0032] redirect


Claim 43 is encompassed by claim 21 and is rejected on the basis provided in the rejection of claim 21.
Claim 44   is rejected on the basis provided in the rejection of claim 21 especially in view of the teachings of Hong .
Claims 24, 26-27, 31, 33-34 and 40 are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Child in view of Smith  in further view of Hildebrand in further view of nplWhereClause in further view of  Hong in further view of  Stachura et al (US2015/0134956 hereinafter Stachura)

As to claim 24, Child, Smith, Hildebrand, nplWhereClause and Hong teach all the subject matter of parent claim 23.
As to claim 24,   
	Neither Child, Smith, Hildebrand nplWhereClause nor Hong teaches
wherein the CMDB stores all access credentials that are managed by a remote network management platform on behalf of the managed network.
		
Stachura teaches
wherein the CMDB Fig 1 and Fig 2 20 credential DB
stores all access credentials 
[0044] the system comprises a proxy server with access to web site credentials of 
employees
that are managed by a remote network management platform Fig 1
on behalf of the managed network. Fig 1 18

Before the effective filing date, it would have been obvious to a person having ordinary skill in the art to combine the teachings of Child, Smith, Hildebrand, and nplWhereClause with those of  Stachura as elements known in the prior art combined to yield predictable results.  For example, Child is directed toward the use of a remote login service 106 using URL redirects to perform logins of clients to remote services where the clients supply the credentials via a login form.  Stachura teaches that a credentials database may store credentials which may be retrieved via a URL match [0086]-[0087].  Stachura teaching may be incorporated into the invention of Child to arrive at the claimed invention wherein the modified Child may operate to perform the messaging of Stachura Fig 2 3a and 3b in the alternative to message 235 and 240 of Child Fig 2 to achieve a similar outcome using a known alternative.

Moreover, in [0039], Child requires an embodiment for looking up credentials in a database for remote login into third-party applications.  Stachura provides an embodiment in [0093] wherein proxy server 16 performs an automated routine 'to confirm that the credentials have not been changed' so that 'login are still allowing successful use of the credentials'.  Therefore, Stachura teaches a feature that will improve the system of Child by proactively testing the credentials in Child's credential database so that when Child's system looks up the credentials to perform the remote logins,  the feature of Stachura has increased the probability that those credentials remain the correct credentials for the login to the third party application of Child.  Moreover, Stachura's orchestration script may be used to trigger the acquisition of credentials disclosed by Child in [0039] for use by the script in the testing taught by Stachura to thereby arrive at  the claimed invention.

As to claim 26, Child, Smith, Hildebrand, nplWhereClause and Hong teach all the subject matter of parent claim 21.
As to claim 26,   Child discloses
	 the access credential is obtained [0039] service 106 looks up the user's login credentials from 
        database 101/102
Neither Child, Smith, Hildebrand teaches
	the access credential is obtained via an orchestration script

nplWhereClause teaches
	pages 1-4: SELECT * FROM Customers WHERE Country='Mexico'
	which is a script to return data records from a database table
therefore
	the combination of Child, Smith, Hildebrand and nplWhereClause teaches
the access credential is obtained via a[[n orchestration]] script
because
Before the effective filing date, it would have been obvious to a person having ordinary skill in the art to combine the teachings of Child Smith and Hildebrand with those of  nplWhereClause as elements known in the prior art combined to yield predictable results.  For example, Child teaches in [0021] a database for relating organizations with users with third party applications for managing access to the third party applications from the users.  In [0039], Child also teaches looking up credentials in database 101/102 but is silent regarding implementation details of how the credentials are obtained from the database. nplWhereClause cures Child's deficiency by teaching an SQL Select Query using a WHERE clause  Child's deficiency by teaching an SQL Select Query using a WHERE clause whereby using the SQL Select Query using the WHERE clause provides Child an embodiment for implementing the lookup to thereby arrive at a portion of the claimed invention.

Neither Child, Smith, Hildebrand nplWhereClause nor Hong
wherein the access credential is obtained via an orchestration script executed on a proxy server.
Stachura teaches
an orchestration [0093] the proxy server may periodically, on a scheduled basis login 
automatically to the remote server
script executed on a proxy server [0118] the proxy server may execute associated scripts  
*Note: applicant spec does not define the meaning of an orchestration script but does provide an example in [0136] which includes a script that runs on a periodic basis.

Before the effective filing date, it would have been obvious to a person having ordinary skill in the art to combine the teachings of Child, Smith, Hildebrand, nplWhereClause and Hong with those of  Stachura as elements known in the prior art combined to yield predictable results.  For example, Child is directed toward the use of a remote login service 106 using URL redirects to perform logins of clients to remote services where the clients supply the credentials via a login form.  
In [0039], Child requires an embodiment for looking up credentials in a database for remote login into third-party applications.  Stachura provides an embodiment in [0093] wherein proxy server 16 performs an automated routine 'to confirm that the credentials have not been changed' so that 'login are still allowing successful use of the credentials'.  Therefore, Stachura teaches a feature that will improve the system of Child by proactively testing the credentials in Child's credential database so that when Child's system looks up the credentials to perform the remote logins,  the feature of Stachura has increased the probability that those credentials remain the correct credentials for the login to the third party application of Child.  Moreover, Stachura's orchestration script may be 0039] for use by the script in the testing taught by Stachura to thereby arrive at  the claimed invention.
As to claim 27,   
	Neither Child, Smith, Hildebrand nplWhereClause nor Hong
wherein the orchestration script is configured to automatically run on a predetermined time schedule.
Stachura teaches
wherein the orchestration [0093] the proxy server may periodically, on a scheduled basis login 
automatically to the remote server
script [0118] the proxy server may execute associated scripts  
is configured to automatically run on a predetermined time schedule 
[0093] the proxy server may periodically, on a scheduled basis login 
automatically to the remote server


Before the effective filing date, it would have been obvious to a person having ordinary skill in the art to combine the teachings of Child, Smith, Hildebrand, nplWhereClause and Hong with those of  Stachura as elements known in the prior art combined to yield predictable results.  For example, Child is directed toward the use of a remote login service 106 using URL redirects to perform logins of clients to remote services where the clients supply the credentials via a login form.  

In [0039], Child requires an embodiment for looking up credentials in a database for remote login into third-party applications.  Stachura provides an embodiment in [0093] wherein proxy server 16 performs an automated routine 'to confirm that the credentials have not been changed' so that 'login are still allowing successful use of the credentials'.  Therefore, Stachura teaches a feature that will improve the system of Child by proactively testing the credentials in Child's credential database so that when Child's system looks up the credentials to perform the remote logins,  the feature of Stachura has increased the probability that those credentials remain the correct credentials for the login to the third party application of Child.  Moreover, Stachura's orchestration script may be used to trigger the acquisition of credentials disclosed by Child in [0039] for use by the script in the testing taught by Stachura to thereby arrive at  the claimed invention.



As to claim 31, Child, Smith, Hildebrand, nplWhereClause and Hong teach all the subject matter of parent claim 30.
Claim 31 is rejected on the basis previously presented in the rejection of claim 24.

As to claim 33, Child, Smith, Hildebrand, nplWhereClause and Hong teach all the subject matter of parent claim 28.
Claim 33 is rejected on the basis previously presented in the rejection of claim 26.

Claim 34 is rejected on the basis previously presented in the rejection of claim 27.


As to claim 40, Child, Smith, Hildebrand, nplWhereClause and Hong teach all the subject matter of parent claim 35.
Claim 40 is rejected on the basis previously presented in the rejection of claim 26. 
Conclusion



Any inquiry concerning this communication or earlier communications from the examiner should be directed to RICHARD A MCCOY whose telephone number is (313)446-6520.  The examiner can normally be reached on M - F 10 - 6.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached on 571 272 2092.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/RICHARD A MCCOY/Examiner, Art Unit 2431