DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

1.	This is in response to communication filed on 5/03/21 in which claims 1-20 are pending.

Response to Arguments
2.	Applicant’s arguments with respect to claim 1-20 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.

Claim Rejections - 35 USC § 103

3.	In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.

4.	Claims 1-2, 10-11, 19-20 are rejected under 35 U.S.C. 103 as being unpatentable over U.S. Publication No. 2021/0021643 to Nakagoe et al in view of U.S. Publication No. 2015/0249672 to Burns et al.

a. 	As per claim 1, Nakagoe et al teaches a method, comprising: receiving, by an application programming interface (API) gateway (See paragraph [0045]), a client API request to access an application comprising a distributed microservices architecture (See paragraph [0045], The API gateway 202 is a building block to work as a gateway for API access.  The API gateway 202 could work to dispatch the API requests to other microservices);  5initiating, by the API gateway, The authorization configurations series creator 303 creates the authorization configurations plan from the use case based authorization 
configurations 108); and  10routing, by the API gateway, the client API request to a target microservice of the application, in response to the whitelisting validation operation determining that the client API request is permitted (See paragraph [0045]). However, Nakagoe et al fails to teach wherein comparing comprises identifying an element of the client API request, utilizing the whitelist to determine whether the identified element is a permitted element of the client API request, and rejecting the client API request in response to determining that the identified element is not a permitted element of the client API request; 
	Burns et al teaches wherein comparing comprises identifying an element of the client API request, utilizing the whitelist to determine whether the identified element is a permitted element of the client API request, and rejecting the client API request in response to determining that the identified element is not a permitted element of the client API request (See paragraph [0011], The authorization, or lack thereof, and any qualifications on the same (e.g., a time period for access), are recorded in the access control list, and the control service then 
creates a hole or pathway between the requesting application or device requesting API access, and the requested API, thereby exposing the API to the requesting application or device).
	It would have been obvious to one with ordinary skill in the art to incorporate the teaching of Burns et al in the claimed invention of Nakagoe et al in order to join and leave a 

b. 	As per claim 2, Nakagoe et al teaches the claimed invention as described above.  Furthermore, Nakagoe et al teaches wherein initiating the whitelisting validation operation 15comprises sending, by the API gateway, the client API request to a centralized whitelisting validation service (See paragraph 0060-0061 and 071]).  

c. 	 As per claim 10, An article of manufacture comprising a non-transitory processor-readable storage medium having stored therein program code of one or more software programs, wherein the program code is executable by one or more processors to implement a method comprising: receiving, by an application programming interface (API) gateway, a client API request to 25access an application comprising a distributed microservices architecture (See paragraph [0045], The API gateway 202 is a building block to work as a gateway for API access.  The API gateway 202 could work to dispatch the API requests to other microservices); initiating, by the API gateway, a whitelisting validation operation determine if the client API request is permitted, wherein the whitelisting validation operation comprises comparing an API endpoint of the client API request to a whitelist of permitted API endpoints of registered microservices of the application to determine whether the API endpoint of the client API request 30comprises a permitted API endpoint in the whitelist (See paragraph [0060-0061], The authorization configurations series creator 303 creates the authorization configurations plan from the use case based authorization configurations 108); and  18115846.01 routing, by the API gateway, the client API request to a target microservice of the application, in response to the whitelisting 
	Burns et al teaches wherein comparing comprises identifying an element of the client API request, utilizing the whitelist to determine whether the identified element is a permitted element of the client API request, and rejecting the client API request in response to determining that the identified element is not a permitted element of the client API request (See paragraph [0011], The authorization, or lack thereof, and any qualifications on the same (e.g., a time period for access), are recorded in the access control list, and the control service then creates a hole or pathway between the requesting application or device requesting API access, and the requested API, thereby exposing the API to the requesting application or device).
	It would have been obvious to one with ordinary skill in the art to incorporate the teaching of Burns et al in the claimed invention of Nakagoe et al in order to join and leave a private network without manual configuration of network settings for each device (See paragraph [0008]).

5d. 	As per claim 11, Nakagoe et al teaches the claimed invention as described above.  Furthermore, Nakagoe et al wherein initiating the whitelisting validation operation comprises sending, by the API gateway, the client API request to a centralized whitelisting validation service (See paragraph [0060-0061]).  

e. 	As per claim 19, A server node, comprising:  15at least one processor; and system memory configured to store program code, wherein the program code is executable by the at least one processor to instantiate an application programming interface (API) gateway, wherein the API gateway is configured to: receive a client API request to access an application comprising a distributed microservices 20architecture (See paragraph [0045], The API gateway 202 is a building block to work as a gateway for API access.  The API gateway 202 could work to dispatch the API requests to other microservices); initiate a whitelisting validation operation determine if the client API request is permitted, wherein the whitelisting validation operation comprises comparing an API endpoint of the client API request to a whitelist of permitted API endpoints of registered microservices of the application to determine whether the API endpoint of the client API request comprises a permitted API 25endpoint in the whitelist (See paragraph [0060-0061], The authorization configurations series creator 303 creates the authorization configurations plan from the use case based authorization configurations 108); and route the client API request to a target microservice of the application, in response to the whitelisting validation operation determining that the client API request is permitted (See paragraph [0045]).  However, Nakagoe et al fails to explicitly teach wherein comparing comprises identifying an element of the client API request, utilizing the whitelist to determine whether the identified element is a permitted element of the client API request, and rejecting the client API request in response to determining that the identified element is not a permitted element of the client API request; 
		Burns et al teaches wherein comparing comprises identifying an element of the client API request, utilizing the whitelist to determine whether the identified element is a permitted element of the client API request, and rejecting the client API request in response to The authorization, or lack thereof, and any qualifications on the same (e.g., a time period for access), are recorded in the access control list, and the control service then creates a hole or pathway between the requesting application or device requesting API access, and the requested API, thereby exposing the API to the requesting application or device).
	It would have been obvious to one with ordinary skill in the art to incorporate the teaching of Burns et al in the claimed invention of Nakagoe et al in order to join and leave a private network without manual configuration of network settings for each device (See paragraph [0008]).

f. 	As per claim 20, Nakagoe et al teaches the claimed invention as described above.  Furthermore, Nakagoe et al The server node of claim 19, wherein the API gateway is configured to initiate the 30whitelisting validation operation by sending the client API request to a centralized whitelisting validation service.

Allowable Subject Matter
5.	Claims 3-9, 12-18 and 20 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
Conclusion
6.	Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  


Any inquiry concerning this communication or earlier communications from the examiner should be directed to DJENANE BAYARD whose telephone number is (571)272-3878.  The examiner can normally be reached on 9-5.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, John Follansbee can be reached on (571)272-3964.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR 





/DJENANE M BAYARD/
Primary Examiner, Art Unit 2444