Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Specification
The disclosure is objected to because of the following informalities:  
In paragraph 22, line 4, “a HTTPS” should be read “an HTTPS”
In paragraph 30, line 5, “prior” should be read “the prior”
In paragraph 40, line 2, “utilize” should be read “utilizes”
In paragraph 41, “the method 10” should be read “method 10”
In paragraph 42, “the method 30” should be read “method 30”
In paragraph 43, “the method 40” should be read “method 40”
In paragraph 44, “the method 40” should be read “method 40”
In paragraph 45, “the method 60” should be read “method 60”
In paragraph 47, “the method 80” should be read “method 80”
In paragraph 48, “the method 100” should be read “method 100”
In paragraph 54, line 4, “disclose” should be read “disclosed”
In paragraph 56, line 1, “aid” should be read “to aid”
In paragraph 62, line 10, “transforms” should be read “transform”
In paragraph 63, line 13, “information” should be read “the information”

Claim Objections
Claims 10, 12 and 17 are objected to because of the following informalities:
In claim 10, line 1, “comprising” should be read “further comprising”
In claim 12, line 2, “the at” should be read “at”
In claim 17, line 2, “the at” should be read “at”
In claim 17, line 3, “the at” should be read “at”
In claim 17, line 3, “a HTTPS” should be read “an HTTPS”


Claim Rejections - 35 USC § 112

The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 1-22 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
Claim 1 is rejected as indefinite under 112(b) because it is unclear whether they are claiming a method or a system. Examiner suggests replacing “A method of authenticating a user comprising: logging into a first system, the first system comprising” with “A method of authenticating a user comprising: logging into a first token-based authentication system”, or appropriate correction is required in response to this office action.
The term "custom-built" in claims 3, 4 and 21 is a relative term which renders the claim indefinite. The term "custom-built" is not defined by the claim, the specification does not provide a standard for ascertaining the requisite degree, and one of ordinary skill in the art would not be reasonably apprised of the scope of the invention. The term "custom-built" is indefinite, and the specification gives no further details about what is custom-built or how to custom-build it.
Claim 11 is rejected as indefinite under 112(b) because it is unclear whether they are claiming a method or a system. Some of the details in system claim 11, "wherein a user accesses at least one SAP application hosted within the application-specific host environment and at least one windows-hosted web application (WHWA) hosted within the extranet via a single login," relate to a method of using the system rather than clearly defining the system in terms of its technical features. The intended limitations are therefore not clear.

Claims 1-22 contain the trademarks/trade names Windows, SAP, Oracle database, and NetScaler. Where a trademark or trade name is used in a claim as a limitation to identify or describe a particular material or product, the claim does not comply with the requirements of 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph. See Ex parte Simpson, 218 USPQ 1020 (Bd. App. 1982). The claim scope is uncertain since the trademark or trade name cannot be used properly to identify any particular material or product. A trademark or trade name is used to identify a source of goods, and not the goods themselves. Thus, a trademark or trade name does not identify or describe the goods associated with the trademark or trade name. In the present case, the trademark/trade name is used to identify/describe [platform, application] and, accordingly, the identification/description is indefinite.
Claims 1, 11, 17, 21 and 22 contain the trademark/trade name Windows. The term "windows" stated in the claims and the description has no precise meaning; the term "windows" to which the applicant would like to refer is the Windows™ environment provided by Microsoft Corp. in Redmond, Washington. Where a trademark or trade name is used in a claim as a limitation to identify or describe a particular material or product, the claim does not comply with the requirements
Claims 2-6 and 11-20 contain the trademark/trade name SAP. The term "SAP" stated in the claims and the description has no precise meaning; the term "SAP" to which the applicant would like to refer is the SAP Business Objects, an enterprise software company. Where a trademark or trade name is used in a claim as a limitation to identify or describe a particular material or product, the claim does not comply with the requirements
Claim 18 contains the trademark/trade name Oracle database. The term "Oracle database" stated in the claims and the description has no precise meaning; the term "Oracle database" to which the applicant would like to refer is the SAP Business Objects, an enterprise software company. Where a trademark or trade name is used in a claim as a limitation to identify or describe a particular material or product, the claim does not comply with the requirements
Claims 13 and 14 contain the trademark/trade name NetScaler. The term "NetScaler" stated in the claims and the description has no precise meaning; the term "NetScaler" to which the applicant would like to refer is the SAP Business Objects, an enterprise software company. Where a trademark or trade name is used in a claim as a limitation to identify or describe a particular material or product, the claim does not comply with the requirements


Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claim(s) (1-3, 7-11, 21, and 22) is/are rejected under 35 U.S.C. 102(a)(1) and (a)(2) as being anticipated by SURAPARAJU et al. (US-20200106766-A1, SURAPARAJU referred to as "SURAPARAJU”)
Referring to claim 1, SURAPARAJU teaches: A method of authenticating a user comprising: logging into a first system, the first system comprising a token-based authentication system (TBAS); (SURAPARAJU, par. [abstract] “A method and non-transitory computer readable medium for SAML service provider-initiated single sign-on flow. The method including authenticating a client on an authentication server via a single sign-on method; issuing the client a set of access tokens, the set of access tokens containing a list of claims describing an authenticated user; sending a request for a resource hosted on a SAML-SP server to the authentication server”)
OR (SURAPARAJU, par. [0009] “A method is disclosed for Security Assertion Markup Language (SAML) service provider-initiated (SP initiated) single sign-on (SSO) flow, the method comprising: authenticating a client on an authentication server via a single sign-on (SSO) method; issuing the client a set of access tokens, the set of access tokens containing a list of claims describing an authenticated user; sending a request for a resource hosted on a SAML-SP server to the authentication server, the request including a domain and uniform resource locator of the authentication server and the set of access tokens; receiving the access request on the authentication server and parsing the set of access tokens from the access request and validating the authenticated user; rendering a page on the authentication server and passing the page with a login cookie bound to the domain of the authentication server to the client”)
creating, at the TBAS, a cookie based on a token from the TBAS; (SURAPARAJU, par. [0030]” In step 2 , the authentication server 130 then extracts the claims from the JWT token if the JWT token is valid . In accordance with an exemplary embodiment, the authentication server 130 can use the claims to build a claims principal, which is inserted into a login cookie bound to the domain of the SAML – SP server 120”)
requesting access, by the user, to a second system, (SURAPARAJU, par. [0009] “issuing the client a set of access tokens, the set of access tokens containing a list of claims describing an authenticated user; sending a request for a resource hosted on a SAML-SP server to the authentication server, the request including a domain and uniform resource locator of the authentication server and the set of access tokens; receiving the access request on the authentication server and parsing the set of access tokens from the access request and validating the authenticated user; rendering a page on the authentication server and passing the page with a login cookie bound to the domain of the authentication server to the client”)
the second system comprising at least one windows-hosted web application (WHWA); (SURAPARAJU, par. [0020]” The computing device 200 also includes an operating system (OS), which manages the computer hardware and provides common services for efficient execution of various software programs. In accordance with an exemplary embodiment, the OS of the CPU 202 is a Linux or Windows® based operating system.”) (SURAPARAJU, par. [0032]” rendering a page on the authentication server and passing the page with a login cookie bound to the domain of the authentication server to the client, the page containing a JavaScript code).”)
and decoding and validating the token, (SURAPARAJU, par. [0010]” receiving the access request on the authentication server and parsing the set of access tokens from the access request and validating the authenticated user”)   
thereby granting access to the second system based only on the user logging into the first system. (SURAPARAJU, par. [0010] ”receiving a resource request on the SAML-SP server to access the resource; redirecting the resource request from the SAML-SP server to the authentication server to obtain an authentication of the user using an authentication request protocol message; receiving a SAML SSO request on the authentication server from the SAML-SP server; issuing a SAML SSO response to the SAML-SP server with assertions about the authenticated user; and granting access to the authenticated user to the resource hosted on the SAML–SP server .”)

Referring to claim 2, SURAPARAJU teaches: The method of claim 1, wherein at least one of the first system and the second system comprises a SAP application. (SURAPARAJU. par. [0027] FIG. 3 “shown in FIG. 3, in step 1, a user with a mobile device (for example, a smart phone) 112 requests a resource, service, or application hosted by the SAML-SP server 120.”, 
[0023] “For example, a TSP is a type of communication service provider that has traditionally provided telephone and similar services, which can include incumbent local exchange carriers, competitive local exchange carriers, and mobile wireless communication companies. An ASP is a business providing computer-based services to customers over a network. For example, an ASP can provide access to a particular software application (such as customer relationship management) using a standard protocol, for example, such as HTTP. A SSP is any company that provides computer storage space and related management services, periodic backup, and archiving.”)

Referring to claim 3, SURAPARAJU teaches: The method of claim 2, wherein the WHWA sends the cookie to a custom-built web application hosted on the second system. (SURAPARAJU, [0009] “rendering a page on the authentication server and passing the page with a login cookie bound to the domain of the authentication server to the client, the page containing a JavaScript code that redirects the request to the SAML-SP server from the client”)

Referring to claim 7, SURAPARAJU teaches: The method of claim 1, further comprising determining if a connection between the TBAS and the WHWA is using a service account, (SURAPARAJU, par. [0009] “rendering a page on the authentication server and passing the page with a login cookie bound to the domain of the authentication server to the client, the page containing a JavaScript code that redirects the request to the SAML-SP server from the client”, [0031] “In accordance with an exemplary embodiment, the web browser address is to the domain name/uniform resource locator (domain/url) of the authentication server 130 with the JWT token as part of the address.”)

Referring to claim 8, SURAPARAJU teaches: the method of claim 7, wherein determining if a connection between the TBAS and the WHWA is using a service account further comprises querying a configuration manager for service account credentials, (SURAPARAJU, par. [0020]” In accordance with an exemplary embodiment, the OS of the CPU 202 is a Linux or Windows® based operating System”, [0028] FIG. 4 “a user of the mobile device 112 logs into a single sign-on (SSO) service 132 hosted on the authentication server 130 using an available authentication single sign-on (SSO) method, for example, a fingerprint, username and password, or pin”, [0029] “Upon login to the authentication server 130 , for example , with a single sign-on ( SSO ) service , the client ( i.e., mobile device 112 ) is issued a set of tokens . For example, in accordance with an exemplary embodiment, the set of tokens are based on JSON Web Token (JWT) by the authentication server 130 and the corresponding single sign on (SSO) service 132 of the authentication server” [0030]” the mobile device 112 preferably has a client application 114, which is configured to provide the user of the mobile device 112 with access to resources or services hosted on a Service Providers (SP), for example, an external web browser 116 managed, for example, by a client or a mobile application 114 (i.e., Think Client / Mobile Application)”, [0031] “In accordance with an exemplary embodiment, the web browser address is to the domain name / uniform resource locator (domain / url ) of the authentication server 130 with the JWT token as part of the address”)

Referring to claim 9, SURAPARAJU teaches: The method of claim 1, wherein decoding and validating the token comprises creating at least one hash file name, (SURAPARAJU, par. [0029], FIG. 4 “in accordance with an exemplary embodiment, the set of tokens can be HMAC (keyed-hash message authentication code or hash-based message authentication code) SHA256 (secure hash algorithm) encoded.”)

Referring to claim 10, SURAPARAJU teaches: The method of claim 1, further comprising invalidating the token after the expiration of a predetermined time-out period. (SURAPARAJU, par. [0029], FIG. 4 “the JWT tokens can be configured to expire”, [0031] “The authentication server 130 parses the JWT token and validates one or more of a signature, an expiry, etc. (without hitting the database) of the JWT token. In step 2, the authentication server 130 then extracts the claims from the JWT token if the JWT token is valid.”)

Referring to claim 11, SURAPARAJU teaches: A system comprising: an intranet; (SURAPARAJU, par. [0030], FIG. 4 “the communication network 150 can include any telecommunication line and/or network consistent with embodiments of the disclosure including, but are not limited to, telecommunication or telephone lines, the Internet, an intranet, a local area network (LAN) as shown, a wide area network (WAN) and/or a wireless connection”)
at least one extranet portal forming an interface between the intranet and an extranet; (SURAPARAJU, par. [0030], FIG. 4 “the mobile device 112 preferably has a client application 114, which is configured to provide the user of the mobile device 112 with access to resources or services hosted on a Service Providers (SP), for example, an external web browser 116 managed, for example, by a client or a mobile application”)
and at least one application-specific host environment within the intranet; (SURAPARAJU, par. [0020]” In accordance with an exemplary embodiment, the OS of the CPU 202 is a Linux or Windows® based operating System”, par. [0023]” An ASP is a business providing computer - based services to customers over a network [i.e., host environment]. For example, an ASP can provide access to a particular software application (such as customer relationship management”)
wherein a user accesses at least one SAP application hosted within the application-specific host environment and at least one windows-hosted web application (WHWA) hosted within the extranet via a single login. (SURAPARAJU, par. [0020] “In accordance with an exemplary embodiment, the OS of the CPU 202 is a Linux or Windows® based operating System”, [0022] “SAML SP can be any entity that provides organizations with enterprise servers, for example, consulting, legal, real estate, communications, storage, processing. For example, the SAML SP can be a third party or outsource supplier, for example, telecommunication service providers (TSPs), application service providers (ASPs), storages service providers (SSPs) and internet service providers (ISPs).”, [0032] “The authentication server 130 renders a page and passes the login cookie to the web browser of the mobile device 112. In accordance with an exemplary embodiment, in step 3, the page (i.e., request) received from the authentication server 130 contains a JavaScript code that redirects the browser to the SAML-SP 120”, [0035] “the SAML-SP 120 grants access to the resource (for example, supplies the resources 122 to the authenticate user and mobile device/client 112) and the user can proceed as normal without ever having to login into either the SAML-SP server 120 and/or the authentication server 130.”)

Referring to claim 21, SURAPARAJU teaches: A method of authenticating a user comprising:
logging into a first system, the first system comprising a token-based authentication system (TBAS);
(SURAPARAJU, [0022], FIG. 1” In accordance with an exemplary embodiment, the web browser address is to the domain name/uniform resource locator (domain/url) of the authentication server 130 with the JWT token as part of the address”)
creating, at the TBAS, a cookie based on a token from the TBAS, the cookie comprising one or more parameters relating to an authenticated environment of the TBAS;( [0031]” the authentication server 130 then extracts the claims from the JWT token if the JWT token is valid. In accordance with an exemplary embodiment, the authentication server 130 can use the claims to build a claims principal, which is inserted into a login cookie bound to the domain of the SAML – SP server 120. “) 
upon requesting access to a second system by the user, sending the cookie to the second system; (par. [0032] “The authentication server 130 renders a page and passes the login cookie to the web browser of the mobile device 112 [i.e., second system].”)
and using a custom-built windows application to decode and validate the cookie if the connection between the first system and the second system uses a service account. (par. [0032], FIG. 1 “The authentication server 130 renders a page and passes the login cookie to the web browser of the mobile device 112. In accordance with an exemplary embodiment, in step 3, the page (i.e., request) received from the authentication server 130 contains a JavaScript code that redirects the browser to the SAML-SP 120 (for example, to gmail.com)”, [0031] “In accordance with an exemplary embodiment, the web browser address is to the domain name/uniform resource locator (domain/url) of the authentication server 130 with the JWT token as part of the address”)

Referring to claim 22, SURAPARAJU teaches: the method of claim 21, wherein the second system comprises at least one windows-hosted web application (WHWA). (SURAPARAJU, par. [0032]” The authentication server 130 renders a page and passes the login cookie to the web browser of the mobile device 112. In accordance with an exemplary embodiment, in step 3, the page (i.e., request) received from the authentication server 130 contains a JavaScript code that redirects the browser to the SAML-SP 120”)


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  



Claims (4-6) is/are rejected under 35 U.S.C. 103 as being unpatentable over SURAPARAJU et al. (US-20200106766-A1, SURAPARAJU referred to as "SURAPARAJU”) and in view of TAN et al. (US-20010045451-A1, TAN referred to as " TAN”)
Referring to claim 4, SURAPARAJU suggests all the limitations and motivation of claim 3, as discussed above.
SURAPARAJU fails to teach wherein decoding and validating the token is performed by the custom-built web application, and wherein the custom-built web application saves the token as a text file.
However, TAN further teaches the method of claim 3, wherein decoding and validating the token is performed by the custom-built web application, and wherein the custom-built web application saves the token as a text file. (TAN, par. [0024] “Referring again to FIG. 1, an embodiment of the present invention makes use, for example, of a user work, Station or client WorkStation 16 on the user Side and an access server 14 on the server side. Each user workstation 16 is equipped with a Smart card reader 26 and associated Software. The Software includes the Smart card reader driver for the operating System, and any Suitable operating System, such as Windows NT or Windows 95/98, can be employed. An embodiment of the present invention also uses, for example, a Standard browser, Such as NetScape Communicator, plug-in to allow the browser to access the Smart card 10. The access server 14 uses an Active Server Page (ASP) to communicate with the Smart card 10, and to allow the Smart card 10 to perform its functions.”, par. [0049] “Exposed functions for the software also include, for example, public function Decrypt Verify (strCrypt as String, StrClear as String, StrSender as String, Optional blnURLEncoded as Boolean=False) as long. strCrypt is a String with no minimum or maximum length that contains the encrypted value that one attempts to decrypt of which one attempts to Verify the Signature. StrClear is a String with no minimum or maximum length that is sent into the method (presumed to be empty) and returns with the value of the clear text token to be utilized by the parent application. StrSender is a String with no minimum or maximum length”),
SURAPARAJU and TAN are analogous art because they are from the same field of endeavor in security and user validation. Before the effective filing date of the invention, it would have been obvious to a person of ordinary skill in the art, having the teachings of SURAPARAJU and TAN, to have the web-based application extract distinct information from a cookie, as in SURAPARAJU, and then save this information as text in order to use it later for login, as in TAN. The suggestion and/or motivation for doing so would be to extract the information and save the token as clear text.

Referring to claim 5, SURAPARAJU - TAN suggest all the limitations and motivation of claim 4, as discussed above. 
TAN further teaches wherein the WHWA reads the text file to determine an identity of the user.  (TAN, par. [0024] “Referring again to FIG. 1, an embodiment of the present invention makes use, for example, of a user work, Station or client WorkStation 16 on the user Side and an access server 14 on the server side. Each user workstation 16 is equipped with a Smart card reader 26 and associated Software. The Software includes the Smart card reader driver for the operating System, and any Suitable operating System, such as Windows NT or Windows 95/98, can be employed. An embodiment of the present invention also uses, for example, a Standard browser, Such as NetScape Communicator, plug-in to allow the browser to access the Smart card 10. The access server 14 uses an Active Server Page (ASP) to communicate with the Smart card 10, and to allow the Smart card 10 to perform its functions”, [0049] “StrClear is a String with no minimum or maximum length that is sent into the method (presumed to be empty) and returns with the value of the clear text token to be utilized by the parent application. “)

Referring to claim 6, SURAPARAJU - TAN suggest all the limitations and motivation of claim 5, as discussed above. 
SURAPARAJU further teaches wherein the WHWA sets an identity of the request resulting from requesting access, by the user, to the second system, to the identity of the user. (SURAPARAJU, par. [0009] “receiving the access request on the authentication server and parsing the set of access tokens from the access request and validating the authenticated user; rendering a page on the authentication server and passing the page with a login cookie bound to the domain of the authentication server to the client, the page containing a JavaScript code that redirects the request to the SAML-SP server from the client; receiving a resource request on the SAML-SP server to access the resource; redirecting the resource request from the SAML-SP server to the authentication server to obtain an authentication of the user using an authentication request protocol message; receiving a SAML SSO request on the authentication server from the SAML SP server; issuing a SAML SSO response to the SAML-SP server with assertions about the authenticated user; and granting access to the authenticated user to the resource hosted on the SAML-SP server”)


Claims (12) is/are rejected under 35 U.S.C. 103 as being unpatentable over SURAPARAJU et al. (US-20200106766-A1, SURAPARAJU referred to as "SURAPARAJU”) and in view of 
Referring to claim 12, SURAPARAJU suggests all the limitations and motivation of claim 11, as discussed above.
SURAPARAJU fails to teach at least one web dispatcher communicatively coupled between the extranet and the extranet portal.
However, LONNI further teaches: at least one web dispatcher communicatively coupled between the extranet and the extranet portal, (LONNI, par. [0025] “The user may input the request into user terminal 110 via a web page, batch file, web service, API, and/or through any other suitable method. The request may comprise the parent transaction account from which to link the virtual token”, par. [0076] “phone, smart phone, minicomputer, mainframe or the like. A web client can be in a home or business environment with access to a network. In various embodiments, access is through a network or the Internet through a commercially available web-browser software package”).
wherein the at least one web dispatcher communicates with the extranet portal via a hypertext transfer protocol secure (HTTPS) connection, (LONNI, par. [0076] “A web client may implement security protocols such as Secure Sockets Layer (SSL) and Transport Layer Security (TLS). web client may implement several application layer protocols including http, https, ftp, and sftp”, [0074] “A web client includes any device (e.g., personal computer) which communicates via any network, for example such as those discussed herein. Such browser applications comprise Internet browsing software installed within a computing unit or a system to conduct online transactions and/or communications.”)
SURAPARAJU and LONNI are analogous art because they are from the same field of endeavor in security and user validation. Before the effective filing date of the invention, it would have been obvious to a person of ordinary skill in the art, having the teaching of SURAPARAJU and  where him or her check wherein an enterprise application on the system, such as SAP at least one windows-hosted web application (WHWA) hosted within the extranet via a single login of SURAPARAJU, uses a secure protocol such as SSL, TLS or HTTPS for login with the intranet of LONNI. The suggestion and/or motivation for doing so would be to enhance the security by encrypting the traffic.


Claims (13-15) is/are rejected under 35 U.S.C. 103 as being unpatentable over SURAPARAJU et al. (US-20200106766-A1, SURAPARAJU referred to as "SURAPARAJU”) and in view of , and further in view of WITHR SCHMIDT et al. (US-20060123234-A1, SCHMIDT referred to as "SCHMIDT”)
Referring to claim 13, SURAPARAJU - LONNI suggest all the limitations and motivation of claim 12, as discussed above. 
The combination of SURAPARAJU - LONNI fails to teach at least one reverse proxy NetScaler communicatively coupled between the at least one web dispatcher and the extranet.  
However, SCHMIDT teaches, at least one reverse proxy NetScaler communicatively coupled between the at least one web dispatcher and the extranet. (SCHMIDT par. [0042] FIG.3 “system components typically used to maintain security during Web SSO that uses tokens to access extranet resources and allows shadow directories to be omitted. Web SSO may maintain security by providing the following components.”, par. [0043]” First, Security Token Service Proxies for the Active Directory 301 are provided. These services produce web appropriate security tokens for identities and attributes contained in Active Directory 305. The Active Directory 305 stays in the intranet 313, protected by proxied services 309 in the DMZ 314. A web server (“WS”) 320 is deployed in the DMZ to make applications available to a client or web client, 311. Deploying the WS in the DMZ typically calls for deploying the FSR 309 in the DMZ so that trust is established between the WS and FSR without causing security issues by crossing the DMZ. Intranet boundary. FSP-A321 is the proxy server of FSA 3.08.”).
(SURAPARAJU, LONNI) and SCHMIDT are analogous art because they are from the same field of endeavor in security and user validation. Before the effective filing date of the invention, it would have been obvious to a person of ordinary skill in the art, having the teachings of (SURAPARAJU, LONNI) and SCHMIDT, to combine the use of a secure protocol such as SSL, TLS or HTTPS for the traffic of LONNI with the network structure of SCHMIDT, which has a proxy to connect the user from outside to the web dispatcher. The suggestion and/or motivation for doing so would have been to enhance security.

Referring to claim 14, SURAPARAJU – LONNI, further in view of SCHMIDT, hereinafter [SURAPARAJU – LONNI - SCHMIDT] further teaches: The system of claim 13, further comprising: a first firewall; and a first demilitarized zone. (SCHMIDT par. [0041] “A demilitarized zone (“DMZ”) may refer to a perimeter security network typically established at a boundary between a local area network (“LAN”) and the internet. Such a DMZ serves to protect servers on the LAN from malicious users on the internet. Typically, a firewall stands between the LAN and DMZ.”, [0050] “FIG. 4 is a block diagram showing overall processing flow for extranet access. The extranet DMZ [Clarification: the DMZ includes the first firewall as mentioned above in par. [0041]. FIG. 4] active directory ("AD") 404 has a one-way Windows™ trust to the corpnet active directory 402. A LogonSever/Federation-Server ("LS-R/FS-R")”).
The rationale for combining is the same as claim 13 above.

Referring to claim 15, SURAPARAJU – LONNI - SCHMIDT further teaches: The system of claim 14, further comprising: a second firewall disposed between the reverse proxy NetScaler and the web dispatcher; (SCHMIDT par. [0041] “A demilitarized zone ("DMZ") may refer to a perimeter security network typically established at a boundary between a local area network ("LAN") and the internet. Such a DMZ serves to protect servers on the LAN from malicious users on the internet. Typically a firewall stands between the LAN and DMZ. A DMZ may include proxy servers, web servers, and virtual private network ("VPN") servers. Proxy servers typically provide secure access for external users accessing information on the LAN”, par. [0043], FIG. 3 “protected by proxied services 309 in the DMZ 314. A web server ("WS") 320 is deployed in the DMZ [Clarification: the DMZ includes the second firewall and proxy as mentioned above in par. [0041]. FIG. 4] to make applications available to a client or web client”),
A third firewall disposed between the web dispatcher and the extranet portal; (SCHMIDT, par. [0043] “These services produce web appropriate security tokens for identities and attributes contained in Active Directory 305. The Active Directory 305 stays in the intranet 313, protected by proxied services 309 in the DMZ 314. A web server (“WS”) 320 is deployed in the DMZ to make applications available to a client or web client, 311. Deploying the WS in the DMZ typically calls for deploying the FSR 309 in the DMZ so that trust is established between the WS and FSR without causing security issues by crossing the DMZ. Intranet boundary. FSP-A321 is the proxy server of FSA 3.08.”),
wherein the reverse proxy NetScaler is disposed within the first demilitarized zone, and wherein the web dispatcher is disposed within the second demilitarized zone. (SCHMIDT par. [0041] “A demilitarized zone ("DMZ") may refer to a perimeter security network typically established at a boundary between a local area network ("LAN") and the internet. Such a DMZ serves to protect servers on the LAN from malicious users on the internet. Typically a firewall stands between the LAN and DMZ. A DMZ may include proxy servers, web servers, and virtual private network ("VPN") servers. Proxy servers typically provide secure access for external users accessing information on the LAN”, par. [0050] “FIG. 4 is a block diagram showing overall processing flow for extranet access. The extranet DMZ [Clarification: the DMZ includes the second firewall and proxy as mentioned above in par. [0041]. FIG. 4] active directory ("AD") 404 has a one-way Windows™ trust to the corpnet active directory 402.”, [0051] “The client accesses a traditional web application running on the web server, WS, deployed in the DMZ.”). The rationale for combining is the same as claim 13 above.


Claims 16 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over SURAPARAJU et al. (US-20200106766-A1, SURAPARAJU referred to as "SURAPARAJU”) and in view of SCHMIDT et al. (US-20060123234-A1, SCHMIDT referred to as "SCHMIDT”)
Referring to claim 16, SURAPARAJU suggests all the limitations and motivation of claim 11, as discussed above.
	SURAPARAJU fails to teach at least one application-specific server disposed within the application-specific host environment
However, SCHMIDT further teaches: at least one application-specific server disposed within the application-specific host environment.  
(SCHMIDT, par. [0043]” A web server (“WS”) 320 is deployed in the DMZ to make applications available to a client or web client”). 
SURAPARAJU and SCHMIDT are analogous art because they are from the same field of endeavor in security and user validation. Before the effective filing date of the invention, it would have been obvious to a person of ordinary skill in the art, having the teachings of SURAPARAJU and SCHMIDT, to combine the at least one extranet interface between the intranet and extranet, the at least one enterprise application hosted within the application-specific host environment, and the at least one windows-hosted web application (WHWA) hosted within the extranet via an SSO of SURAPARAJU with the application-specific server provided within the application-specific host environment of SCHMIDT. The suggestion and/or motivation for doing so would have been to prepare a suitable platform to host the application.

Referring to claim 18, SURAPARAJU suggests all the limitations and motivation of claim 11, as discussed above.
	SURAPARAJU fails to teach at least one of an active directory authentication server, a SAP basis server, and an Oracle database.  
However, SCHMIDT teaches: at least one of an active directory authentication server, (SCHMIDT par. [0022] “Tokens are typically used to authenticate users. Active Directory Federation Services (“ADFS”)™ is an example of an authentication system that provides ADFS tokens, for authentication and authorization to applications in a DMZ to exchange data.”),
a SAP basis server, (SCHMIDT [0050]” A Logon Sever/Federation Server (“LS-R/FS-R')”),
and an Oracle database. (SCHMIDT, par. [0033] “(Account Administrator) 204-207 component which is typically a service that defines identities and attributes for controlling user access to website resources. Examples may include LDAP-based directories, SQL-based databases”). The rationale for combining is the same as claim 16 above.

Claim 17 is rejected under 35 U.S.C. 103 as being unpatentable over SURAPARAJU et al. (US-20200106766-A1, SURAPARAJU referred to as "SURAPARAJU”) in view of SCHMIDT et al. (US-20060123234-A1, SCHMIDT referred to as "SCHMIDT”) and further in view of TAN et al. (US-20010045451-A1, TAN referred to as "TAN”)
Referring to claim 17, SURAPARAJU - SCHMIDT suggest all the limitations and motivation of claim 16, as discussed above. 
The combination of SURAPARAJU - SCHMIDT fails to teach at least one web farm; and multiple windows internet information services (IIS) web servers hosted on the at least one web farm, wherein the at least one application-specific server is coupled to the at least one web farm via a HTTPS connection.  
However, TAN teaches at least one web farm; (TAN, par. [0013] “The access server sends the authentication cookie or cookies to the browser of the client workstation and redirects the browser at the client workstation to one or more additional servers, such as the online banking system server [i.e., a web farm]. The additional server or servers verifies the authentication cookie for access for the user to the additional server or servers, such as the online home banking system server.”)
and multiple windows internet information services (IIS) web servers hosted on the at least one web farm, wherein the at least one application-specific server is coupled to the at least one web farm via a HTTPS connection. (par. [0041] “Aspects of an embodiment of the present invention involve, for example, enabling the online banking system home page to read authentication cookies, the online banking system trusted logon, implementing the smart card logon page, incorporating authentication cookie management to the IIS ASP page, redirecting the browser of the user's PC 16 to the online banking system home page, incorporating IIS ASP routine into the access server 14, and mapping Logical Card-ID to the online banking system user ID.”, [0032] “The smart card logon page is a secure web site via Secure Hypertext Transfer Protocol (HTTPS).”)
(SURAPARAJU – SCHMIDT) and TAN are analogous art because they are from the same field of endeavor in security and user validation. Before the effective filing date of the invention, it would have been obvious to a person of ordinary skill in the art, having the teachings of (SURAPARAJU – SCHMIDT) and TAN, to combine the network structure of (SURAPARAJU – SCHMIDT), which has a server disposed within the application-specific host environment, with the server of TAN, which is deployed with IIS to redirect the user request to a free server to process it. The suggestion and/or motivation for doing so would have been to reduce and enhance the request processing time.


Claim 19 is rejected under 35 U.S.C. 103 as being unpatentable over SURAPARAJU et al. (US-20200106766-A1, SURAPARAJU referred to as "SURAPARAJU”) in view of WANG et al. (US-20180288150-A1, WANG referred to as "WANG”)
Referring to claim 19, SURAPARAJU suggests all the limitations and motivation of claim 11, as discussed above.
However, SURAPARAJU does not explicitly disclose at least one exchange server communicatively coupled via a first simple mail transfer protocol (SMTP) connection to the application-specific host environment; and at least one client communicatively coupled to the at least one exchange server via a second simple mail transfer protocol (SMTP) connection, and communicatively coupled to the application-specific host environment via an HTTPS connection.
However, WANG teaches: at least one exchange server communicatively coupled via a first simple mail transfer protocol (SMTP) connection to the application-specific host environment; (WANG, par. [0017], FIG. 1 “such as Exchange servers, via a Simple Mail Transfer Protocol (SMTP) interface are described. For example, the systems and methods may provide an SMTP server between one or more Exchange servers and a media agent”)
and at least one client communicatively coupled to the at least one exchange server via a second simple mail transfer protocol (SMTP) connection, and communicatively coupled to the application-specific host environment via an HTTPS connection. (WANG, par. [0053], FIG. 1C “System 100 includes computing devices and computing technologies. For instance, system 100 can include one or more client computing devices 102 and secondary storage computing devices 106, as well as storage manager 140 or a host computing device for it”, [0107] “Management agent 154 can provide storage manager 140 with the ability to communicate with other components within system 100 and/or with other information management cells via network protocols and application programming interfaces (APIs) including, e.g., HTTP, HTTPS, FTP, REST, virtualization software APIs, cloud service provider APIs, and hosted service provider APIs, without limitation, Management agent 154 also allows multiple information management cells to communicate with one another.”, [0060] ”Each client computing device 102 may have application(s) 110 executing thereon which generate and manipulate the data that is to be protected from loss and managed in system 100. Applications 110 generally facilitate the operations of an organization, and can include, without limitation, mail server applications (e.g., Microsoft Exchange Server), file system applications, mail client applications (e.g., Microsoft Exchange Client), database applications or database management systems (e.g., SQL, Oracle, SAP, Lotus Notes Database), word processing applications (e.g., Microsoft Word)”).
SURAPARAJU and WANG are analogous art because they are from the same field of endeavor in security and user validation. Before the effective filing date of the invention, it would have been obvious to a person of ordinary skill in the art, having the teachings of SURAPARAJU and WANG, to combine the enterprise application on the system, such as SAP, and the at least one windows-hosted web application (WHWA) hosted within the extranet via a single login of SURAPARAJU with the exchange server of WANG, which uses the SMTP protocol for user applications in a specific environment. The suggestion and/or motivation for doing so would have been to deliver a high-performance and dependable network for intranet users.

Claim 20 is rejected under 35 U.S.C. 103 as being unpatentable over SURAPARAJU et al. (US-20200106766-A1, SURAPARAJU referred to as "SURAPARAJU”) in view of AMDAHL et al. (US-9491157-B1, AMDAHL referred to as "AMDAHL”)
Referring to claim 20, SURAPARAJU suggests all the limitations and motivation of claim 11, as discussed above.
However, SURAPARAJU does not explicitly disclose wherein at least one connection between one or more components of the system comprises at least one of a secure socket layer (SSL) connection, a transport layer security (TLS) connection, and a new technology LAN manager (NTLM) connection.  
However, AMDAHL teaches: wherein at least one connection between one or more components of the system comprises at least one of a secure socket layer (SSL) connection, a transport layer security (TLS) connection, and a new technology LAN manager (NTLM) connection. (AMDAHL, col. [003], line. [0036-0046] “If the server receives a communication that includes a response message, it may perform one or more actions to validate the response message. If the response message is validated, the connection between the client and server may be considered authenticated. In some embodiments, the challenge-response authentication protocol may be operative in addition to encryption protocols such as Secured Socket Layer (SSL), Transport Layer Security (TLS), or the like. For example, NT LAN Manager (NTLM) authentication may be considered a challenge-response authentication protocol.”).
SURAPARAJU and AMDAHL are analogous art because they are from the same field of endeavor in security and user validation. Before the effective filing date of the invention, it would have been obvious to a person of ordinary skill in the art, having the teachings of SURAPARAJU and AMDAHL, to combine the enterprise application on the system, such as SAP, and the at least one windows-hosted web application (WHWA) hosted within the extranet via a single login of SURAPARAJU with the use of a secure protocol such as SSL, TLS or NTLM for transferring the traffic within the network of AMDAHL. The suggestion and/or motivation for doing so would have been to enhance security by authenticating a user.


Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. FAUSAK et al. (US-9407725-B2, FAUSAK referred to as "FAUSAK”) suggests ([col. 42, line. 1-6] “The HTML client receives (via standard HTML-method compatible code, such as JavaScript) datastreams to use for interpreting transcoded data. The HTML client may extract all input streams and apply this to localized functions and devices. The HTML client may encode all output streams as specified in the Script (JavaScript) and applies it to remote functions and devices.”)
Any inquiry concerning this communication or earlier communications from the examiner should be directed to AHMED HUMADI whose telephone number is (571)272-2066. The examiner can normally be reached (8:30 am - 3:00 pm) alt. Fri.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Mark Featherstone can be reached on 571-270-375. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.  
/AHMED HUMADI/Examiner, Art Unit 4112                                                                                                                                                                                                        
/Alison Slater/             Primary Examiner, Art Unit 4112