Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .  Claims 1-20 are pending.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 4/27/2020 was filed is being considered by the examiner.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

 	Claims 1-5, 9, 11-15 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Gaddam et al. (U.S. Patent Application Publication No. 2014/0373104, hereinafter Gaddam) in view of Shah et al. (U.S Patent Application Publication No. 2016/0087957, hereinafter Shah).
 	With respect to claim 1, Gaddam discloses an data security hub for processing and routing access request messages, the data security hub comprising; a computer readable storage medium storing a plurality of instructions; and one or more processors for executing the instructions stored on the computer readable storage medium to; 
(e.g. Gaddam, paragraphs 0017-0020, “…provide different levels of security based on the sensitivity of the data requested.  A data sensitivity model can define the sensitivity of different types of data.  When an application requests access to particular data item, the sensitivity of that data item can be determined.  If the data item has a low sensitivity, access to the data item can be granted.  If the data item has a high sensitivity, the system can request authentication before granting access to the data item” (paragraph 0017); “When a request to access data is received, an access decision engine 110 can evaluate one or more data security inputs 112 to determine the sensitivity level of the requested data and the current authentication level of the requestor” (e.g. Gaddam, paragraph 0037)).
 	Gaddam does not explicitly discloses but Shah discloses identify set of data processing servers capable of processing the restricted set of authentication information; select a first data processing server from the set of data processing servers based on an evaluated trust level and a network condition of the first data processing server; and send an authentication request including the restricted set of authentication information to the first data processing server (e.g. Shah, paragraphs 0004-0005, “…multifactor authentication described herein leverages various protocols, such as the OpenID protocol” (paragraph 0004); “A network entity such as a service provider (SP) or an identity provider (IdP)…determines a first authentication requirement that is required by the SP to access a first service that is provided by the SP.  The authentication requirement may indicate a first assurance level that is required…the network entity discovers one or more capabilities that are available for the authentication… The network entity may determine whether at least one of the discovered one or more capabilities are sufficient to achieve the first authentication requirement, for instance the authentication assurance level required by the SP. If at least one of the discovered capabilities is determined to be sufficient, one or more authentication factors are selected…” (e.g. Shah, paragraph 0005); 
 	Shah further discloses the authentication may involved local or one or more third party authentication servers (“…the network authentication factors are determined…are initiated and executed…may involve interaction between one or more network entities, …one or more third party authentication servers”, Shah, paragraph 0063)) . 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Gaddam’s determined sensitivity data and risk level of the resources with Shah’s teaching of selecting authentication factors based on assurance level that is required to be met according to the policy requirement of the service provider (Shah, paragraph 0063).  
Moreover, Shah discloses determine the capabilities of the user and device to select the authentication factors but does not explicitly mention determine the capability of the authentication server.  However, since Shah discloses the selection of authentication may involve at least not only the local server but also involved interaction with at least one or  more third party authentication servers (e.g. Shah, paragraph 0063).  


With respect to claim 2, Gaddam and Shah disclose the data security hub of claim 1, wherein the restricting of the one or more types of authentication information comprises removing a certain type of authentication information or a portion of the certain type of authentication information (e.g. Gaddam, paragraph 0065).  	With respect to claim 3, Gaddam and Shah disclose the data security hub of claim 1, wherein the computer readable storage medium further stores instructions that cause the one or more processors to determine encryption parameters for secure multi-party computation based on the sensitivity levels and apply secure multi-party computation encryption to a certain type of authentication information using the encryption parameters (e.g. Shah, paragraphs 0029, 0031 and 0063).  	With respect to claim 4, Gaddam and Shah disclose the data security hub of claim 1, wherein the computer readable storage medium further stores instructions that cause the one or more processors to determine a trust level for the client device based on historical access request information associated with the client device, wherein the restricting of the one or more types of authentication information is further based on the trust level of the client device (e.g. Gaddam, 0042 and 0059).  	With respect to claim 5, Gaddam and Shah disclose the data security hub of claim 4, wherein the computer readable storage medium further stores instructions that cause the one or more processors to compare interaction information of the client device to an expected set of interactions, wherein the determining of the trust level for the client device is further based on the comparison of the interaction information of the client device to the expected set of interactions (e.g. Gaddam, paragraphs 0042 and 0059). 

With respect to claim 9, Gaddam, Shah disclose the data security hub of claim 1, wherein the computer readable storage medium further stores instructions that cause the one or more processors to: receive an authentication response message from the first data processing server, the authentication response message indicating whether the restricted set of authentication information is valid; and send the access request to a resource management computer that manages access to the resource based on the authentication information being valid (e.g. Shah, paragraph 0048). 

	With respect to claims 11-15 and 19, the claims are method claims that are similar to the system claims 1-5 and 9.  Therefore, the claim 11-15 and 19 are rejected based on the similar rationale.

s 6-8, 10, 16-18 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Gaddam and Shah and further in view of Cario et al. (U.S. Patent Application Publication No. 2013/0083036, hereinafter Cario). 	With respect to claim 6, Gaddam and Shah does not explicitly disclose but Cario discloses the data security hub of claim 1, wherein the computer readable storage medium further stores instructions that cause the one or more processors to generate a first data structure corresponding to a first format of the access request message using a linguistic parser, where the analyzing of the access request message is based on the first data structure (e.g. Cario, paragraph 0035).
 	Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to derive claimed feature with Cario’s AI parsing and analyzing data message with Gaddam’s determining request message to access sensitivity data and risk level of resource to take advantage of AI’s intelligent decisions making process based on high level logic (e.g. Cario, paragraphs 0035-0036).  	With respect to claim 7, Gaddam and Shah does not explicitly disclose But Cario discloses the data security hub of claim 1, wherein the computer readable storage medium further stores instructions that cause the one or more processors to: generate a second data structure corresponding to a second format used by the first data processing server for responding to authentication request messages using a linguistic parser; and generate the authentication request message based on the second data structure (e.g. Cario, paragraphs 0035-0036). 
(e.g. Cario, paragraphs 0035-0036).  	With respect to claim 8, Gaddam, Shah and Cario further discloses the data security hub of claim 7, wherein the computer readable storage medium further stores instructions that cause the one or more processors to add stored authentication information associated with the client device to the authentication request based on the second data structure corresponding to the second format used by the first data processing server (e.g. Gaddam, paragraph 0027; Cario, paragraphs 0035-0036).

 	With respect to claim 10, Gaddam, Shah disclose the data security hub of claim 1, wherein the computer readable storage medium further stores instructions that cause the one or more processors to: receive an authentication response message from the first data processing server; generate a third data structure, using a linguistic parser, corresponding to a third format used by the first data processing server for the authentication response message; compare the third data structure to stored data structures used by the first data processing server for previously received authentication response messages, the comparison of the third data structure and the stored data structures indicating that the first data processing server may have been breached; and sending later authentication request messages to a second data 
 	Gaddam discloses using machine learning process but does not explicitly mention using a linguistic parser according to data structure.  However, Cario discloses using AI process in parsing and analyzing request data messages (e.g. Cario, paragraph 0035-0036).   
	Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to derive claimed feature with Cario’s AI parsing and analyzing data message with Gaddam’s determining request message to access sensitivity data and risk level of resource to take advantage of AI’s intelligent decisions making process based on high level logic (e.g. Cario, paragraphs 0035-0036). 	
	With respect to claims 16-18 and 20, the claims are method claims that are similar to the system claims 6-8 and 10.  Therefore, the claim 16-18 and 20 are rejected based on the similar rationale.

Conclusion
5.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to TONGOC TRAN whose telephone number is (571)272-3843.  The examiner can normally be reached on 9-5 Monday - Friday.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is 
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kambiz Zand can be reached on (571) 272-3811.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/TONGOC TRAN/Primary Examiner, Art Unit 2434