Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
This is a non-final office action. Claims 1 through 20 were considered.

Continued Examination Under 37 CFR 1.114
2.	A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 01/24/2022 has been entered.
 
Response to Amendment
3.	This action is in response to communication filed on 01/24/2022.
a. Claims 1-20 are pending in this application.
b. Claims 1, 10 and 15 have been amended.

Response to Arguments Regarding Claim Rejections – 35 USC § 102/103
4.	Applicant's arguments, see pages 6-9 of REMARKS, filed on 01/24/2022, with respect to Claim Rejections - 35 USC § 102/103 have been fully considered. Applicant’s arguments with respect to claim(s) 1, 10 and 15 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.

Claim Rejections - 35 USC § 103
5.	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 1-4, 10-11 and 15-16 are rejected under 35 U.S.C. 103 as being unpatentable over Satish (US 8,205,239 B1) in view of Megahed et al. (US 2019/0147089 A1, hereinafter Megahed).

Regarding claim 1, Satish teaches a system comprising:  
a first server (fig. 1(112)) comprising one or more processors (fig. 3(314)) configured to generate a plurality of log files based on requests received from a client device ([Col 4, 66-67; Col 5, 1-3]: the name server 112 monitors and records the various access requests made by users of computing systems 104 and may adaptively adjust security policies that are applied to access requests based on the recorded activity.), wherein the requests are application requests ([Col 5, 3-6]: security policies may be applied to access requests to remote network sites 124 (i.e. request are for web applications)), and wherein each log file is generated based, at least in part, on event information and an application identifier associated with a request and at least one of a plurality of custom parameters ([Col 8, 26-32, 43-46]: FIG. 6, a table 600 is illustrated for an exemplary embodiment that includes information related to users and access requests generated by the users. A number of pieces of information are collected related to a particular user. For example, for each of USER(1) through USER(n) information related to site addresses is recorded, a number of times the user has attempted to access a site address is recorded, and a reputation for the site is recorded. While data is illustrated in FIG. 6 as being related to a particular user, such as identified by a user ID that the user uses when logging into a computing system (i.e. record is generated based on event information such as user ID or computing system information associated with the request, application identifier such as site/application address and custom parameter such as ‘count’, ‘site reputation’. As provided in application specification [45] - custom parameter helps to customize the storage of logged data));
a second server (fig. 1(124)) comprising one or more processors configured to host an application accessed by the client device ([Col 4, 45-48]: a user of a computing system 104 may request access through a wide area network 120 to a network site 124. For example, a user of a computing system 140 may desire to access an Internet website (i.e. 124 hosts the application accessed by user)), wherein the first server is coupled between the client device and the second server (fig. 1(112, 124) as seen in fig. 1 name server 112 is between the client 104 and network site 124) and is configured to handle requests between the client device and the second server ([Col 4, 45-53]: a user of a computing system 104 may request access through a wide area network 120 to a network site 124. For example, a user of a computing system 140 may desire to access an Internet website. The browser application takes this information and accesses the name server 112 that resolves a physical network address for the requested network site 124 (i.e. 112 handles the request from client 104 to network site 124)); and
a database system configured to store application data associated with the application and the client device ([Col 8, 26-43]: FIG. 6, a table 600 is illustrated for an exemplary embodiment that includes information related to users and access requests generated by the users. Table 600 may be stored on a name server, in a storage server or database server that is coupled to a name server (i.e. database server stores the data associated with application device 124 and client device 104)).
Satish however does not teach wherein the requests are application requests for one or more application components of a distributed application.
Megahed teaches wherein the requests are application requests for one or more application components of a distributed application ([13]: The environment 100 are one or more cloud clients 110 submitting queries to cloud application instances 120 to access applications, databases, services, etc. deployed as such. The one or more cloud clients 110 may, by means of non-limiting example, submit queries to a sports website deployed in cloud application instances 120 regarding the real-time score of a sporting event, submit queries to a video-on-demand service deployed in cloud application instances 120, or submit queries to buy newly released tickets from a ticket sales company deployed in cloud application instances 120 (i.e. application can be cloud application and client access it using site)).
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Satish in view of Megahed to further incorporate the teachings of Walsh and the requests are application requests for one or more application components of a distributed application. One of ordinary skill in the art would have been motivated to combine the teachings in order to optimize the number of cloud application instances provisioned (Megahed, [13]).


Regarding claim 2, Satish in view of Megahed teaches the system of claim 1.
Satish further teaches wherein the plurality of custom parameters is configured to determine a plurality of data fields (fig. 6 and [Col 8, 30-34]: for each of USER(1) through USER(n) information related to site addresses is recorded, a number of times the user has attempted to access a site address is recorded, and a reputation for the site is recorded (i.e. custom parameter ‘site address’, ‘count’, ‘site reputation’ records data fields)) and a plurality of types of data values included in each log file ([Col 8, 30-34]: for each of USER(1) through USER(n) information related to site addresses is recorded, a number of times the user has attempted to access a site address is recorded, and a reputation for the site is recorded (i.e. the custom parameter determines types of data values in table, for example – the parameter ‘counts’ determines data value is number of times user requested to access the site address)).

Regarding claim 3, Satish in view of Megahed teaches the system of claim 2.
Satish further teaches wherein each log file of the plurality of log files comprises at least one of: a user identifier, an application identifier, a device identifier ([Col 8, 43-47]: While data is illustrated in FIG. 6 as being related to a particular user, such as identified by a user ID that the user uses when logging into a computing system, such data may also be associated with a particular computing system (i.e. each record is associated with user ID or computing system ID)), a browser identifier, and a time stamp.  

Regarding claim 4, Satish in view of Megahed teaches the system of claim 1.
Satish further teaches wherein the first server further comprises: a storage device configured to store the plurality of log files ([Col 8, 37-38]: Table 600 may be stored on a name server (i.e. record is stored on storage of name server 112)).

Regarding claim 10, Satish teaches a device comprising: 
a first communications interface (fig. 1(112)) communicatively coupled to a client device (fig. 1(104)); 
a processing device (fig. 3(314)) comprising one or more processors configured to:  
receive a plurality of requests from the client device (fig. 9(910), [Col 10, 3-4]: an access request is received, as indicated at block 910. [Col 4-5, 66-67 and 1-3]: the name server 112 monitors and records the various access requests made by users of computing systems 104 (i.e. receive request from client 104)), wherein the plurality of requests comprises application requests ([Col 5, 3-6]: security policies may be applied to access requests to remote network sites 124 (i.e. request are for web applications)); and
generate a plurality of log files based on the plurality of requests received from the client device ([Col 4, 66-67; Col 5, 1-3]: the name server 112 monitors and records the various access requests made by users of computing systems 104 and may adaptively adjust security policies that are applied to access requests based on the recorded activity (i.e. generate the record based on client request)), wherein each log file is generated based, at least in part, on event information and an application identifier associated with a request and at least one of a plurality of custom parameters ([Col 8, 26-32, 43-46]: FIG. 6, a table 600 is illustrated for an exemplary embodiment that includes information related to users and access requests generated by the users. A number of pieces of information are collected related to a particular user. For example, for each of USER(1) through USER(n) information related to site addresses is recorded, a number of times the user has attempted to access a site address is recorded, and a reputation for the site is recorded. While data is illustrated in FIG. 6 as being related to a particular user, such as identified by a user ID that the user uses when logging into a computing system (i.e. record is generated based on event information such as user ID or computing system information associated with the request, application identifier such as site/application address and custom parameter such as ‘count’, ‘site reputation’. As provided in application specification [45] - custom parameter helps to customize the storage of logged data));  
a storage device configured to store the plurality of log files ([Col 8, 26-43]: FIG. 6, a table 600 is illustrated for an exemplary embodiment that includes information related to users and access requests generated by the users. Table 600 may be stored on a name server (i.e. name server includes storage for table 600)); and
a second communications interface (fig. 1(124)) communicatively coupled to a second server, the second server being configured to host an application accessed by the client device ([Col 4, 45-48]: a user of a computing system 104 may request access through a wide area network 120 to a network site 124. For example, a user of a computing system 140 may desire to access an Internet website (i.e. 124 hosts the application accessed by user)).  
Satish however does not teach wherein the plurality of requests comprises application requests for one or more application components of a distributed application.
Megahed teaches wherein the plurality of requests comprises application requests for one or more application components of a distributed application ([13]: The environment 100 are one or more cloud clients 110 submitting queries to cloud application instances 120 to access applications, databases, services, etc. deployed as such. The one or more cloud clients 110 may, by means of non-limiting example, submit queries to a sports website deployed in cloud application instances 120 regarding the real-time score of a sporting event, submit queries to a video-on-demand service deployed in cloud application instances 120, or submit queries to buy newly released tickets from a ticket sales company deployed in cloud application instances 120 (i.e. application can be cloud application and client access it using site)).
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Satish in view of Megahed to further incorporate the teachings of Walsh and the requests are application requests for one or more application components of a distributed application. One of ordinary skill in the art would have been motivated to combine the teachings in order to optimize the number of cloud application instances provisioned (Megahed, [13]).

Regarding claim 15, Satish teaches a method comprising: 
receiving, at a first communications interface of a first server (fig. 1(112)), a plurality of requests from a client device (fig. 9(910), [Col 10, 3-4]: an access request is received, as indicated at block 910. [Col 4, 66-67; Col 5, 1-3]: the name server 112 monitors and records the various access requests made by users of computing systems 104 (i.e. receive requests from client 104)), wherein the plurality of requests comprises application requests ([Col 5, 3-6]: security policies may be applied to access requests to remote network sites 124 (i.e. request are for web applications));
generating, using a processing device (fig. 3(314)) of the first server, a plurality of log files based on the plurality of requests received from the client device ([Col 4, 66-67; Col 5, 1-3]: the name server 112 monitors and records the various access requests made by users of computing systems 104 and may adaptively adjust security policies that are applied to access requests based on the recorded activity.), wherein each log file is generated based, at least in part, on event information and an application identifier associated with a request and at least one of a plurality of custom parameters ([Col 8, 26-32, 43-46]: FIG. 6, a table 600 is illustrated for an exemplary embodiment that includes information related to users and access requests generated by the users. A number of pieces of information are collected related to a particular user. For example, for each of USER(1) through USER(n) information related to site addresses is recorded, a number of times the user has attempted to access a site address is recorded, and a reputation for the site is recorded. While data is illustrated in FIG. 6 as being related to a particular user, such as identified by a user ID that the user uses when logging into a computing system (i.e. record is generated based on event information such as user ID or computing system information associated with the request, application identifier such as site/application address and custom parameter such as ‘count’, ‘site reputation’. As provided in application specification [45] - custom parameter helps to customize the storage of logged data)); and
storing the plurality of log files in a storage device of the first server ([Col 8, 26-43]: FIG. 6, a table 600 is illustrated for an exemplary embodiment that includes information related to users and access requests generated by the users. Table 600 may be stored on a name server (i.e. name server includes storage for table 600)).
Satish however does not teach wherein the plurality of requests comprises application requests for one or more application components of a distributed application.
Megahed teaches wherein the plurality of requests comprises application requests for one or more application components of a distributed application ([13]: The environment 100 are one or more cloud clients 110 submitting queries to cloud application instances 120 to access applications, databases, services, etc. deployed as such. The one or more cloud clients 110 may, by means of non-limiting example, submit queries to a sports website deployed in cloud application instances 120 regarding the real-time score of a sporting event, submit queries to a video-on-demand service deployed in cloud application instances 120, or submit queries to buy newly released tickets from a ticket sales company deployed in cloud application instances 120 (i.e. application can be cloud application and client access it using site)).
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Satish in view of Megahed to further incorporate the teachings of Walsh and the requests are application requests for one or more application components of a distributed application. One of ordinary skill in the art would have been motivated to combine the teachings in order to optimize the number of cloud application instances provisioned (Megahed, [13]).

Regarding Claims 11 and 16, they do not teach or further define over claim 2. Therefore, claims 11 and 16 are rejected for the same reason as set forth above in claim 2.

Claims 5-6, 12 and 17-18 are rejected under 35 U.S.C. 103 as being unpatentable over Satish and Megahed further in view of Walsh et al. (US 2012/0179787 A1, hereinafter Walsh).

Regarding claim 5, Satish in view of Megahed teaches the system of claim 1.
	Satish in view of Megahed however does not teach wherein the one or more processors of the first server are further configured to modify a request received from the client device based on a plurality of rules identified based, at least in part, on the request.
	Walsh teaches wherein the one or more processors of the first server (fig. 2(205)) are further configured to modify a request received from the client device based on a plurality of rules identified based, at least in part, on the request ([22, 24]: a user requests content using one or more proxy servers such as server 205. The proxy server may determine whether the user has restricted or unrestricted access to external network content (i.e. determine based on predefined rule if user is allowed to access content). If the proxy server determines that the user's access to the requested content is restricted (e.g., not permitted to receive the content), the proxy server may modify the request to replace a user and/or device identifier associated with the content request with another identifier in step 310. The replacement identifier is used to achieve unfettered or unrestricted access to the requested content and/or to the external network in general (i.e. modify the user identifier in the request)).
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Satish in view of Megahed to incorporate the teachings of Walsh and modify client request based on rules. One of ordinary skill in the art would have been motivated to combine the teachings in order for unrestricted access to the requested content (Walsh, [24]).

Regarding claim 6, Satish in view of Megahed and Walsh teaches the system of claim 5.
	Satish in view of Megahed however does not teach wherein the modifying of the request comprises masking one or more data values included in the request.
	Walsh teaches wherein the modifying of the request comprises masking one or more data values included in the request ([22]: to bypass the traditional user based filters of the proxy server B 207, proxy server B 207 may mask the user's identity using credentials that would allow and provide unfettered network access when passed to and/or requested from proxy server A 205. One type of masking may include using an unrestricted-access username, device name or other identifier rather than the actual requesting user or device's identifier (i.e. masking the user identifier in the request))  
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Satish in view of Megahed and Walsh to further incorporate the teachings of Walsh and modifying request includes masking data values in the request. One of ordinary skill in the art would have been motivated to combine the teachings in order for unrestricted access to the requested content (Walsh, [24]).

Regarding Claims 12 and 17-18, they do not teach or further define over claims 5 and 5-6 respectively. Therefore, claims 12 and 17-18 are rejected for the same reason as set forth above in claims 5 and 5-6 respectively.

Claims 7-8, 13-14, and 19-20 are rejected under 35 U.S.C. 103 as being unpatentable over Satish and Megahed further in view of Chen (US 2020/0304853 A1).

Regarding claim 7, Satish in view of Megahed teaches the system of claim 1.
Satish in view of Megahed however does not teach wherein the one or more processors of the first server are further configured to implement multifactor authentication for the client device based on a plurality of rules identified based, at least in part, on a request received from the client device.
	Chen teaches wherein the one or more processors of the first server (Fig. 1(130)) are further configured to implement multifactor authentication for the client device based on a plurality of rules identified based, at least in part, on a request received from the client device ([60]: the client terminal generates a login request based on the QQ® account and the password input by the player and sends the login request to the login server. The login server sends a login success message to the client terminal when it is determined that the QQx account and the password pass the verification (i.e. implement authentication of client device). [70]: instead of merely evaluating the service-serving request of the user based on predefined inflexible defense rules, the security gateway may evaluate the received service-serving request based on the IP address of the user sent by the authentication server, thereby improving the accuracy of the service-serving request evaluation (i.e. client request is evaluated based on defense rules and IP address))
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Satish in view of Megahed to incorporate the teachings of Chen and first server implement multifactor authentication for client request. One of ordinary skill in the art would have been motivated to combine the teachings in order to authenticate user for anti-attack method (Walsh, [24]).

Regarding claim 8, Satish in view of Megahed teaches the system of claim 1.
	Satish in view of Megahed however does not teach wherein the one or more processors of the first server are further configured to generate a notification based on a plurality of rules identified based, at least in part, on a request received from the client device.
	Chen teaches wherein the one or more processors of the first server are further configured to generate a notification based on a plurality of rules identified based, at least in part, on a request received from the client device ([61]: the login server sends a login success message to the client terminal when it is determined that the QQx account and the password pass the verification (i.e. send notification for client request). [65]: the authentication server verifies the login success message, and sends an access authentication request to the security gateway of the service server after the verification is successful).
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Satish in view of Megahed to incorporate the teachings of Chen and first server generate notification based on rules for client request. One of ordinary skill in the art would have been motivated to combine the teachings in order to authenticate user for anti-attack method (Walsh, [24]).
 
Regarding Claims 13-14 and 19-20, they do not teach or further define over claims 7-8 respectively. Therefore, claims 13-14 and 19-20 are rejected for the same reason as set forth above in claims 7-8 respectively.

Claim 9 is rejected under 35 U.S.C. 103 as being unpatentable over Satish and Megahed further in view of Mattsson et al. (US 2014/0090085 A1, hereinafter Mattsson).

Regarding claim 9, Satish in view of Megahed teaches the system of claim 1.
Satish in view of Megahed however does not teach wherein the one or more processors of the first server are further configured to execute a query on the plurality of log files and generate a result object based on the query.
	Mattsson teaches wherein the one or more processors of the first server are further configured to execute a query on the plurality of log files and generate a result object based on the query ([47-48]: The database access system queries 315 an authorization table based on the user credentials.  The authorization table stores one or more data categories, each data category associated with one or more users. The database access system identifies 330, from the base table, a plurality of candidate data entries identified by the data request.  The database access system generates 335 a result set including result data entries from the plurality of candidate data entries (i.e. query table and generate result)).
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Satish in view of Megahed to incorporate the teachings of Mattsson and first server executes a query on log files and generate result object. One of ordinary skill in the art would have been motivated to combine the teachings in order for database access control (Mattsson, [46]).

Additional References
6.	The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
a. Grey et al., US 2015/0128124 A1: DYNAMICALLY OPTIMIZED CONTENT DISPLAY – See fig. 1, 4.
b. Rehak et al., US 2018/0219890 A1: IDENTIFYING A SECURITY THREAT TO A WEB-BASED RESOURCE – See fig. 1, 6 and [24, 109]

Conclusion
7.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to SUJANA KHAKURAL whose telephone number is (571)272-3704.  The examiner can normally be reached on M-F: 7:30AM - 5:30PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kamal B Divecha can be reached on 571-272-5863.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/SUJANA KHAKURAL/Examiner, Art Unit 2453                                                                                                                                                                                                        

/KAMAL B DIVECHA/Supervisory Patent Examiner, Art Unit 2453