DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Amendment
The Amendments filed on May 04, 2021 have been entered. 
Claims 1, 16, and 24 have been amended. 
Claims 3, 18, and 26 have been canceled. 

Response to Arguments
Applicant’s arguments filed on May 04, 2021 have been considered but are moot in view of the new grounds of rejection. 

















Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 1, 6-8, 10-12, 14-16, and 21-24 are rejected under 35 U.S.C. 103 as being unpatentable over Lewis et al. (Pub. No. US 2019/0244254), hereinafter Lewis, in view of Ford et al. (Pab. No. US 2020/0028853), hereinafter Ford.

Claim 1. 	Lewis discloses a method for regulating access to respective network-based resources by a computing device, the computing device configured to receive information representing access to and/or access requests to resources on at least one network (Parag. [0005] and Fig. 5; (The art teaches that a first request is received, from a user device. The request is for a content to present in a first content slot, which is included in a first resource)), the method comprising: 
detecting, by the computing device (Parag. [0078]; (The art teaches that the process in Fig. 5 is performed by a content management system 110 with respect to Fig. 1, the content server 302 with respect to Fig. 3, or the content server 410 with respect to Fig. 4)), access to a first network-based resource at a first time by a first entity (i.e., user device), wherein the first network-based resource and the first entity are represented directly or indirectly by information received by the computing device (Parag. [0005], Parag. [0025], Parag. [0078-0079], Parag. [0081-0082], and Fig. 5; (The art teaches that a first request is received, from a user device. The request is for a content to present in a first content slot, which is included in a first resource. The art also teaches that a first time associated with the first request is determined from information included with the first request or by evaluating a log of content item requests. And an expiration time associated with the sequential presentation of content items is determined based on presentation of the first content)); 
detecting, by the computing device (Parag. [0078]; (The art teaches that the process in Fig. 5 is performed by a content management system 110 with respect to Fig. 1, the content server 302 with respect to Fig. 3, or the content server 410 with respect to Fig. 4)), a request for access to, access to, or both the request for access and access to a second network-based resource at a second time by the first entity (i.e., user device), wherein the second network-based resource and the first entity are represented directly or indirectly by information received by the computing device (Parag. [0005], Parag. [0025], Parag. [0084-0085], Parag. [0087], and Fig. 5; (The art teaches that a second request for content is received from the user device. The second request is for content to present in a second content slot, which is included in a second resource. After receiving the second request for content, the amount of time that has elapsed since the first time is determined (i.e., the amount of time elapsed is based on the first time of the first request and a second time at which the second request is received), and a determination is made as to whether the expiation time has passed by comparing the current time (i.e., second time) to the expiration time)); 
calculating, by the computing device (Parag. [0078]; (The art teaches that the process in Fig. 5 is performed by a content management system 110 with respect to Fig. 1, the content server 302 with respect to Fig. 3, or the content server 410 with respect to Fig. 4)), a period of elapsed time between the first time and the second time (Parag. [0005], Parag. [0085], Parag. [0087], and Fig. 5; (The art teaches when receiving a second request, the processor determines ; 
determining, by the computing device (Parag. [0078]; (The art teaches that the process in Fig. 5 is performed by a content management system 110 with respect to Fig. 1, the content server 302 with respect to Fig. 3, or the content server 410 with respect to Fig. 4)), a probability of the first entity accessing or requesting access to the second network-based resource within the period of elapsed time of having accessed the first network-based resource (Parag. [0087-0088] and Fig. 5; (The art teaches that when the expiration time has not passed, and amount of time that has elapsed since the first time (i.e., first request) is determined, and a determination is made as to whether the elapsed time is greater than a predetermined threshold, if so, the first content item is re-presented responsive to the second request)); 
Lewis doesn’t explicitly disclose receiving a first physical location of the first entity; receiving a second physical location of the first entity; accessing the resources from the first physical location and from the second physical location; identifying, based on the determined probability, by the computing device, a security thread; and precluding, in response to the identified security threat, by the computing device, the first entity's access to at least one network-based resource.
		However, Ford discloses:
		receiving a first physical location of the first entity; receiving a second physical location of the first entity; and accessing the resources from the first physical location and from the second physical location (Parag. [0004], Parag. [0039], Parag. [0074], Parag. [0087], Parag. [0104-0105], and Parag. [0115]; (The art teaches providing security friction to a request for access to a resource based on whether the access request is atypical. A request to access the resource based on a user identity is received electronically. The system determines whether the request is typical or atypical. If the request is typical, access to the requested resource is granted. However, if the request is atypical, access to the requested resource is only allowed if the correct information is provided in response to one or more access control methods that provide an amount of security friction. An elapsed time between access requests using the user identity is employed to determine whether the access request is atypical. A policy-based approach to ; 
		identifying, based on the determined probability, by the computing device, a security threat (Parag. [0022], Parag. [0041], Parag. [0062], Parag. [0117]; (The art teaches providing a common infrastructure for pluggable feature packs, which provide certain security management functionalities. Examples of such functionalities may include various anti-virus and malware detection, data loss protection (DLP), insider threat detection, and so forth. The security management functionalities may include one or more functionalities associated with analyzing probability distributions of interrelated event features in real time. The security friction system may use time information to determine whether an access request is atypical (e.g., malicious access attempts). As used herein, time information broadly refers to any chronological information from which the temporal occurrence of an event may be determined.  In certain embodiments, elapsed time may be used as an indicator of atypicality. As used herein, elapsed time broadly refers to a comparison made between two or more events))); and
		precluding, in response to the identified security threat, by the computing device, the first entity's access to at least one network-based resource (Parag. [0004] and Parag. [0122]; (The art teaches providing security friction to a request for access to a resource based on whether the access request is atypical. The system determines whether the request is typical or atypical. If the request is typical, access to the requested resource is granted. However, if the .
		It would be obvious to one of ordinary skill in the art at the time before the effective filling date of the claimed invention to modify Lewis to incorporate the teaching of Ford. This would be convenient for overcoming the issues of leaving the resources of an organization more vulnerable to security threats (Parag. [0002]).

Claim 6. 	Lewis in view of Ford discloses the method of claim 1,  
Lewis further discloses the method further comprising: providing to an information security dashboard, by the computing device, information representing the regulation of the first entity's access to at least one network-based resource (Parag. [0018]; (The art teaches that systems collect information about users, which are provided with an opportunity to control (i.e., using the user device’s platform) whether programs or features collect user information (i.e., user current location), or to control whether and how to receive content from a content server. Also, certain information about the user, such as identity, is treated so that no identifying information can be determined for the user)). 

Claim 7. 	Lewis in view of Ford discloses the method of claim 6,  
Lewis further discloses wherein the information security dashboard includes a graphical user interface having at least one graphical control that, when selected, causes the computing device to regulate the first entity's access to at least one network-based resource (Parag. [0017-0018] and Parag. [0022-0023]; (The art teaches that the user uses a device to control the user information. The user device could be a personal computer, tablet, mobile, etc., using application (s) to facilitate the sending and receiving of data over the network (i.e., using a graphical user interface))).  


Claim 8. 	Lewis in view of Ford discloses the method of claim 1,  
Lewis further discloses wherein the first network-based resource and the second network-based resource are respectively located on at least one physical and/or virtual network (Parag. [0020]; (The art teaches that the resources are hosted by one or more servers)).

Claim 10. 	Lewis in view of Ford discloses the method of claim 1,  
Lewis further discloses wherein regulating the first entity's access to at least one network-based resource comprises permitting the first entity's access to at least one resource when the determined probability is inside the predetermined threshold and restricting the first entity's access to at least one resource when the determined probability is outside the predetermined threshold (Parag. [0079], Parag. [0087-0089], and Fig. 5 “518”; (The art teaches that if the elapsed time is greater than a predetermined threshold the first content item is re-presented responsive to the second request and if the elapsed time is not greater than the predetermined threshold, a second, different content item to deliver in response to the second request based at least in part on the amount of elapsed time, is determined (i.e. restricting access to the first content item included in the first resource))).  

Claim 11. 	Lewis in view of Ford discloses the method of claim 1,  
Lewis further discloses wherein regulating the first entity's access comprises not impeding the first entity's access to at least one network-based resource threshold (Parag. [0087-0089] and Fig. 5 “518”; (The art teaches that if the elapsed time is greater than a predetermined threshold the first content item is re-presented responsive to the second request (i.e., the user is not stopped from accessing the resource))).  

Claim 12. 	Lewis in view of Ford discloses the method of claim 1,  
Lewis further discloses wherein at least one network-based resource is the second network-based resource (Parag. [0020], Parag. [0084], and Fig. 1 “105”; (The art teaches that a second content is included in the second resource)). 



Claim 14. 	Lewis in view of Ford discloses the method of claim 1,  
Lewis further discloses wherein regulating the first entity's access to at least one network-based resource includes downgrading access privileges (Parag. [0087-0089] and Fig. 5 “518”; (The art teaches that if the elapsed time is not greater than the predetermined threshold, a second, different content item to deliver in response to the second request based at least in part on the amount of elapsed time, is determined (i.e., restricting (i.e., downgrading) access to the first content item included in the first resource))). 
 
Claim 15. 	Lewis in view of Ford discloses the method of claim 1,
Lewis further discloses wherein the access to first network-based resource or second network-based resource occurs via at least one respective endpoint (Parag. [0022]; (The art teaches that the user sends a request for resource over the network, and the resources are hosted by one or more servers (i.e., accessing via the server endpoint))).  

Claim 16. 	Lewis discloses a system for regulating access to respective network-based resources, the system comprising: a computing device having access to instructions on non-transitory processor readable media (Parag. [0078]; (The art teaches that the process in Fig. 5 is performed by a content management system 110 with respect to Fig. 1, the content server 302 with respect to Fig. 3, or the content server 410 with respect to Fig. 4)) that, when executed by the computing device, configure the computing device to:  
receive information representing access to and/or access requests to resources on at least one network (Parag. [0005] and Fig. 5; (The art teaches that a first request is received, from a user device. The request is for a content to present in a first content slot, which is included in a first resource)); 
detect access to a first network-based resource at a first time by a first entity (i.e., user device), wherein the first network-based resource and the first entity are represented directly or indirectly by information received by the computing device (Parag. [0005], Parag. [0025], Parag. [0078-0079], Parag. [0081-0082], and Fig. 5; (The art teaches that a first request is received, from a user device. The request is for a content to present in a first content slot, which is included in a first resource. The art also teaches that a first time associated with the first request is determined from information included with the first request or by evaluating a log of ;  
detect a request for access to, access to, or both the request for access and access to a second network-based resource at a second time by the first entity (i.e., user device), wherein the second network-based resource and the first entity are represented directly or indirectly by information received by the computing device (Parag. [0005], Parag. [0025], Parag. [0084-0085], Parag. [0087], and Fig. 5; (The art teaches that a second request for content is received from the user device. The second request is for content to present in a second content slot, which is included in a second resource. After receiving the second request for content, the amount of time that has elapsed since the first time is determined (i.e., the amount of time elapsed is based on the first time of the first request and a second time at which the second request is received), and a determination is made as to whether the expiation time has passed by comparing the current time (i.e., second time) to the expiration time));   
calculate a period of elapsed time between the first time and the second time (Parag. [0005], Parag. [0085], Parag. [0087], and Fig. 5; (The art teaches when receiving a second request, the processor determines the amount of time that has elapsed since the first time (i.e., the amount of time elapsed is based on the first time of the first request and the second time at which the second request is received). The art also teaches that the amount of time that has elapsed since the first time is determined by subtracting the first time from the current time after receiving the second request));  {00501/008072-USO/02330014.1}Page 24SA4268Atty. Docket No. 00501/008072-USO 
determine a probability of the first entity accessing or requesting access to the second network-based resource within the period of elapsed time of having accessed the first network-based resource (Parag. [0087-0088] and Fig. 5; (The art teaches that when the expiration time has not passed, and amount of time that has elapsed since the first time (i.e., first request) is determined, and a determination is made as to whether the elapsed time is greater than a predetermined threshold, if so, the first content item is re-presented responsive to the second request)).
Lewis doesn’t explicitly disclose receiving a first physical location of the first entity; receiving a second physical location of the first entity; accessing the resources from the first physical location and from the second physical location; identifying, based on the determined probability, a security threat; and precluding, in response to the identified security threat, the first entity's access to at least one network-based resource
However, Ford discloses: 
receiving a first physical location of the first entity; receiving a second physical location of the first entity; and accessing the resources from the first physical location and from the second physical location (Parag. [0004], Parag. [0039], Parag. [0074], Parag. [0087], Parag. [0104-0105], and Parag. [0115]; (The art teaches providing security friction to a request for access to a resource based on whether the access request is atypical. A request to access the resource based on a user identity is received electronically. The system determines whether the request is typical or atypical. If the request is typical, access to the requested resource is granted. However, if the request is atypical, access to the requested resource is only allowed if the correct information is provided in response to one or more access control methods that provide an amount of security friction. An elapsed time between access requests using the user identity is employed to determine whether the access request is atypical. A policy-based approach to network security is used that typically requires endpoint devices to comply with particular criteria before they are granted access to network resources. The art teaches that a user behavior factor broadly refers to information associated with a user's behavior, whether the behavior occurs within a physical realm or cyberspace. User behavior factors may include the user's access rights, the user's interactions, and the date/time/frequency of when the interactions are enacted. The user behavior factors may likewise include the user's location. The security friction system may be implemented to process certain contextual information to ascertain the identity of an entity at a particular point in time. The contextual information may include location data. The endpoint device may be configured to receive such location data, which is used as a data source for determining the user's location; the location data may include Global Positioning System (GPS) data provided by a GPS satellite. Further, the security friction system may determine that the request is atypical if multiple access requests are made using the user identity from different locations (i.e., first and second locations) within a short time of one another thereby indicating that the requests may have originated from separate entities at separate locations));
identifying, based on the determined probability, a security threat (Parag. [0022], Parag. [0041], Parag. [0062], Parag. [0117]; (The art teaches providing a common infrastructure for pluggable feature packs, which provide certain security management functionalities. ; and  
		preclude, in response to the identified security threat, the first entity's access to at least one network-based resource (Parag. [0004] and Parag. [0122]; (The art teaches providing security friction to a request for access to a resource based on whether the access request is atypical. The system determines whether the request is typical or atypical. If the request is typical, access to the requested resource is granted. However, if the request is atypical, access to the requested resource is only allowed if the correct information is provided in response to one or more access control methods that provide an amount of security friction (i.e., the access is denied). An elapsed time between access requests using the user identity is employed to determine whether the access request is atypical. A policy-based approach to network security is used that typically requires endpoint devices to comply with particular criteria before they are granted access to network resources)).
		It would be obvious to one of ordinary skill in the art at the time before the effective filling date of the claimed invention to modify Lewis to incorporate the teaching of Ford. This would be convenient for overcoming the issues of leaving the resources of an organization more vulnerable to security threats (Parag. [0002]).

Claim 21 is taught by Lewis in view of Ford as described for claim 6.  

Claim 22 is taught by Lewis in view of Ford as described for claim 7.

Claim 23 is taught by Lewis in view of Ford as described for claim 10.  

Claim 24. 	Lewis discloses a method for regulating access to respective network-based resources by at least one computing device, each such computing device (Parag. [0078]; (The art teaches that the process in Fig. 5 is performed by a content management system 110 with respect to Fig. 1, the content server 302 with respect to Fig. 3, or the content server 410 with respect to Fig. 4)) configured to receive information representing access to and/or access requests to resources on at least one network (Parag. [0005] and Fig. 5; (The art teaches that a first request is received, from a user device. The request is for a content to present in a first content slot, which is included in a first resource)), the method comprising:  
detecting electronic access to a first network-based resource at a first time by a first entity (i.e., user device), wherein the first network-based resource and the first entity are represented directly or indirectly by information received by the computing device (Parag. [0005], Parag. [0025], Parag. [0078-0079], Parag. [0081-0082], and Fig. 5; (The art teaches that a first request is received, from a user device. The request is for a content to present in a first content slot, which is included in a first resource. The art also teaches that a first time associated with the first request is determined from information included with the first request or by evaluating a log of content item requests. And an expiration time associated with the sequential presentation of content items is determined based on presentation of the first content));  
detecting a request for access to, access to, or both the request for access and access to a second network-based resource at a second time by the first entity (i.e., user device), wherein the second network- based resource and the first entity are represented directly or indirectly by information received by at least one computing device (Parag. [0005], Parag. [0025], Parag. [0084-0085], Parag. [0087], and Fig. 5; (The art teaches that a second request for content is received from the user device. The second request is for content to present in a second content slot, which is included in a second resource. After receiving the second request for content, the amount of time that has elapsed since the first time is determined (i.e., the amount of time elapsed is based on the first time of the first request and a second time at which the second request is received), and a determination is made as to whether the expiation time has passed by comparing the current time (i.e., second time) to the expiration time));  
calculating, at any of the computing device(s) (Parag. [0078]; (The art teaches that the process in Fig. 5 is performed by a content management system 110 with respect to Fig. 1, the content server 302 with respect to Fig. 3, or the content server 410 with respect to Fig. 4)), a period of elapsed time between the first time and the second time (Parag. [0005], Parag. [0085], Parag. [0087], and Fig. 5; (The art teaches when receiving a second request, the processor determines the amount of time that has elapsed since the first time (i.e., the amount of time elapsed is based on the first time of the first request and the second time at which the second request is received). The art also teaches that the amount of time that has elapsed since the first time is determined by subtracting the first time from the current time after receiving the second request));    
determining, at any of the computing device(s) (Parag. [0078]; (The art teaches that the process in Fig. 5 is performed by a content management system 110 with respect to Fig. 1, the content server 302 with respect to Fig. 3, or the content server 410 with respect to Fig. 4)), a probability of the first entity accessing or requesting access to the second network-based resource within the period of elapsed time of having accessed the first network-based resource (Parag. [0087-0088] and Fig. 5; (The art teaches that when the expiration time has not passed, and amount of time that has elapsed since the first time (i.e., first request) is determined, and a determination is made as to whether the elapsed time is greater than a predetermined threshold, if so, the first content item is re-presented responsive to the second request)).
Lewis doesn’t explicitly disclose receiving a first physical location of the first entity; receiving a second physical location of the first entity; accessing the resources from the first physical location and from the second physical location; identifying, based on the determined probability, a security threat; and precluding, in response to the identified security threat, the first entity's access to at least one network-based resource. 
		However, Ford discloses:
receiving a first physical location of the first entity; receiving a second physical location of the first entity; and accessing the resources from the first physical location and from the second physical location (Parag. [0004], Parag. [0039], Parag. [0074], Parag. [0087], Parag. [0104-0105], and Parag. [0115]; (The art teaches providing security friction to a request for access to a resource based on whether the access request is atypical. A request to access the resource based on a user identity is received electronically. The system determines whether the request is typical or atypical. If the request is typical, access to the requested resource is granted. However, if the request is atypical, access to the requested resource is only allowed if the correct information is provided in response to one or more access control methods that provide an ;
identifying, based on the determined probability, a security threat (Parag. [0022], Parag. [0041], Parag. [0062], Parag. [0117]; (The art teaches providing a common infrastructure for pluggable feature packs, which provide certain security management functionalities. Examples of such functionalities may include various anti-virus and malware detection, data loss protection (DLP), insider threat detection, and so forth. The security management functionalities may include one or more functionalities associated with analyzing probability distributions of interrelated event features in real time. The security friction system may use time information to determine whether an access request is atypical (e.g., malicious access attempts). As used herein, time information broadly refers to any chronological information from which the temporal occurrence of an event may be determined.  In certain embodiments, elapsed time may be used as an indicator of atypicality. As used herein, elapsed time broadly refers to a comparison made between two or more events))); and 
		precluding, in response to the identified security threat, the first entity's access to at least one network-based resource (Parag. [0004] and Parag. [0122]; (The art teaches providing security friction to a request for access to a resource based on whether the access request is .
		It would be obvious to one of ordinary skill in the art at the time before the effective filling date of the claimed invention to modify Lewis to incorporate the teaching of Ford. This would be convenient for overcoming the issues of leaving the resources of an organization more vulnerable to security threats (Parag. [0002]). 

Claims 2, 4, 5, 13, 17, 19, 20, 25, and 27 are rejected under 35 U.S.C. 103 as being unpatentable over Lewis et al. (Pub. No. US 2019/0244254), hereinafter Lewis; in view of Ford et al. (Pab. No. US 2020/0028853), hereinafter Ford; and in view of Ko et al. (Pub. No. US 2019/0222655), hereinafter Ko. 

Claim 2. 	Lewis in view of Ford discloses the method of claim 1, 
The combination doesn’t explicitly disclose the method further comprising: determining, by the computing device, a distance between the first network-based resource and the second network-based resource, and wherein the determined probability is further based on the determined distance. 
However, Ko discloses:
determining, by the computing device (Parag. [0007]; Computer system), a distance between the first network-based resource and the second network-based resource (Parag. [0020]; (The art teaches discovering a set of resources for providing a set of services through a spatio-cohesive method that considers spatial distance between two services (i.e., distance between two resources))), and 
wherein the determined probability is further based on the determined distance (Parag. [0020-0021] and Parag. [0091]; (The art teaches discovering a set of resources for . 
It would be obvious to one of ordinary skill in the art at the time before the effective filling date of the claimed invention to modify the combination to incorporate the teaching of Ko. This would be convenient for discovering effectively and dynamically appropriate services required for performing user task (Parag. [0002]).

Claim 4. 	Lewis in view of Ford discloses the method of claim 1,   
The combination doesn’t explicitly disclose the method further comprising: defining, by the computing device, a plurality of geographic zones, each geographic zone comprising at least one endpoint for at least one respective network-based resource; determining, by the computing device, a distance between the first network-based resource and the second network-based resource as a function of at least one of the respective geographic zones, and wherein the determined probability is further based on the determined distance. 
However, Ko discloses:
defining, by the computing device (Parag. [0007]; Computer system), a plurality of geographic zones, each geographic zone comprising at least one endpoint for at least one respective network-based resource (Parag. [0040] and Parag. [0107]; (The art teaches that a discovery algorithm needs to dynamically discover valid services, within an environment (i.e., resources network), that are necessary to perform user tasks, and the spatial location of the user and resources affects the effectiveness of delivering services to users. The environment is defined as a two-dimensional space where a number of devices are deployed as service providers (resources))); 
determining, by the computing device, a distance between the first network-based resource and the second network-based resource as a function of at least one of the respective geographic zones (Parag. [0020], Parag. [0040], and Parag. [0107]; (The art teaches discovering a set of resources, within an environment (i.e., resources network), for providing a set of services through a spatio-cohesive method that considers spatial distance between two services (i.e., distance between two resources). The environment is defined as a two-dimensional space where a number of devices are deployed as service providers (resources))), and 
wherein the determined probability is further based on the determined distance (Parag. [0020-0021] and Parag. [0091]; (The art teaches discovering a set of resources for providing a set of services through a spatio-cohesive method that considers spatial distance between two services, which includes a process for generating a service discovery plan based on spatio-cohesiveness requirements including a rule related to spatial distance, and a process for discovering services (i.e., resources) necessary for the task based on the service discovery plan, but after discovering services meeting the spatio-cohesiveness requirements of the task. Services are discovered for being provided a service needed by a user, and services in use are handed over within range that the service is physically provided to the user while the user is on the move. A handover decision rule with hysteresis margin and threshold is used to find the set of resources)). 
It would be obvious to one of ordinary skill in the art at the time before the effective filling date of the claimed invention to modify Lewis in view of Ford to incorporate the teaching of Ko. This would be convenient for discovering effectively and dynamically appropriate services required for performing user task (Parag. [0002]).  

Claim 5. 	Lewis in view of Ford discloses the method of claim 1,  
The combination doesn’t explicitly disclose wherein regulating the first entity's access to the at least one network-based resource is based on a change in the first entity's position over time. 
However, Ko discloses wherein regulating the first entity's access to the at least one network-based resource is based on a change in the first entity's position over time (Parag. [0021]; (The art teaches that services (i.e., resources) are discovered for being provided a service needed by a user, and services in use are handed over within range that the service is physically provided to the user while the user is on the move (i.e., user position is changing while the time changes as well))).
 for discovering effectively and dynamically appropriate services required for performing user task (Parag. [0002]).   

Claim 13. 	Lewis in view of Ford discloses the method of claim 1,   
The combination doesn’t explicitly disclose wherein the first network-based resource and the second network-based resource are separated by a distance. 
However, Ko discloses wherein the first network-based resource and the second network-based resource are separated by a distance (Parag. [0020]; (The art teaches discovering a set of resources for providing a set of services through a spatio-cohesive method that considers spatial distance between two services (i.e., distance between the first resource and the second resource))). 
It would be obvious to one of ordinary skill in the art at the time before the effective filling date of the claimed invention to modify the combination to incorporate the teaching of Ko. This would be convenient for discovering effectively and dynamically appropriate services required for performing user task (Parag. [0002]). 

Claim 17 is taught by Lewis in view of Ford and Ko as described for claim 2.   

Claim 19 is taught by Lewis in view of Ford and Ko as described for claim 4.  

Claim 20 is taught by Lewis in view of Ford and Ko as described for claim 5.  

Claim 25 is taught by Lewis in view of Ford and Ko as described for claim 2.  

Claim 27 is taught by Lewis in view of Ford and Ko as described for claim 4. 



Claim 9 is rejected under 35 U.S.C. 103 as being unpatentable over Lewis et al. (Pub. No. US 2019/0244254), hereinafter Lewis; in view of Ford et al. (Pab. No. US 2020/0028853), hereinafter Ford; and in view of Moonen (Pub. No. US 2018/0338243).

Claim 9. 	Lewis in view of Ford discloses the method of claim 1,   
Lewis further discloses wherein accessing or requesting access to the second network-based resource by the first entity occurs by logging into a computing device (Parag. [0078]; (The art teaches that the process in Fig. 5 is performed by a content management system 110 with respect to Fig. 1, the content server 302 with respect to Fig. 3, or the content server 410 with respect to Fig. 4)) physically located away from the first network-based resource (Parag. [0055] and Fig. 1; (The art teaches that an action to advance to the next content item in the first sequence is performed by a user device logged into the service associated with the content server (i.e., computing device))).   
The combination doesn’t explicitly disclose wherein accessing the first network-based resource by the first entity physically occurs by scanning an identification card.
However, Moonen discloses wherein accessing the first network-based resource by the first entity physically occurs by scanning an identification card (Parag. [0023]; (The art teaches that an authentication procedure performed by a user on a portable device so that to be verified that an authorized user of a scanned smart card requests access to the server (i.e., resource) via said portable device (i.e., the user accesses a resource by scanning a smart card for authentication, as consistent with the applicant’s definition))).
It would be obvious to one of ordinary skill in the art at the time before the effective filling date of the claimed invention to modify the combination to incorporate the teaching of Moonen. This would be convenient for authenticating the user in requesting access to the server (Parag. [0023]).

                                                           


                                                                                                                                 

Conclusion
		The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Kesin et al. (US 2017/0099311) – Related art in the area of Network Anomaly Detection, (Parag. [0007], generate, based at least on the divergence, an indicator of a potential anomaly).
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ABDELBASST TALIOUA whose telephone number is (571)272-4061.  The examiner can normally be reached on Monday-Thursday 7:30 am - 5:30 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, William Trost can be reached on 571-272-7872.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/A.T./Examiner, Art Unit 2442                                                                                                                                                                                                       
/WILLIAM G TROST IV/Supervisory Patent Examiner, Art Unit 2442