Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This is a non-final office action in view of remarks filed on 09/20/2022. Claims 1-20 and remarks filed on 09/20/2022 were considered.

Response to Arguments Regarding Claim Rejections – 35 USC § 102/103
2.	Applicant's arguments, see page 6-8 of REMARKS, filed on 09/20/2022, with respect to Claim Rejections - 35 USC § 103 have been fully considered. 
Applicant’s arguments with respect to claim(s) 1 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.

Claim Rejections - 35 USC § 103
3.	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.



Claims 1, 4, 10 and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Movshovitz (US 9,003,509 B1) in view of Tennie et al. (US 2017/0171311 A1, hereinafter Tennie).

Regarding claim 1, Movshovitz teaches a system (fig. 1(100)) comprising:
a first server (fig. 1(108)) comprising one or more processors configured to generate a plurality of log files based on requests received from a client device ([Col 9, 61-67]: At block 702 where the web crawler makes a HTTP REQUEST using the supplied URL. Processing flows next to block 704, where, before the request is forwarded to the target web application the application model may record the complete HTTP request, including, but not limited to, the URI, query path, query values, cookies, meta data, and the like (i.e. first server 108 generates record for access requests)), wherein the requests are application requests ([Col 9, 61-67]: Processing flows next to block 704, where, before the request is forwarded to the target web application the application model may record the complete HTTP request (i.e. request is web application request)), and wherein each log file is generated based, at least in part, on event information and an application identifier associated with a request and at least one of a plurality of custom parameters ([Col 9, 61-67]: At block 702 where the web crawler makes a HTTP REQUEST using the supplied URL. Processing flows next to block 704, where, before the request is forwarded to the target web application the application model may record the complete HTTP request, including, but not limited to, the URI, query path, query values, cookies, meta data, and the like (i.e. URI is the application identifier, meta data is the event information and query values are custom parameters)); 
a second server (fig. 1(110)) comprising one or more processors configured to host an application accessed by the client device ([Col 9, 63-67] and [Col 10, 1-3]: Before the request is forwarded to the target web application the application model may record the complete HTTP request. Next processing flows to block 706, where once the HTTP request data has been recorded the HTTP request may be forwarded to the web application server (i.e. Web application server 110 hosts the web application)), wherein the first server is coupled between the client device and the second server (fig. 1(108) is the first server coupled between client fig. 1(104) and second server fig. 1(110)) and is configured to handle requests between the client device and the second server ([Col 11, 41-46]: At block 902, where a web client may send a standard HTTP request to the web application. Flowing next to block 904, the HTTP request may be intercepted by an external gateway component, such as external gateway component 608 of the web application security system (i.e. first server fig. 1(108) handles request between client fig. 1(104) and second server fig. 1(110))). 
Movshovitz however does not teach a database system configured to store application data associated with the application and the client device. 
Tennie teaches a database system configured to store application data associated with the application and the client device ([31]: server 102 is in communication with one or more databases 110 adapted to store service provider application data for use by the client applications 101 (i.e. database 110 storing application data and client data)).
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Movshovitz to incorporate the teachings of Tennie and a database system configured to store application data associated with the application and the client device. One of ordinary skilled in the art would have been motivated to combine the teachings in order for use by applications (Tennie, [31]).

Regarding claim 4, Movshovitz in view of Tennie teaches the system of claim 1.
Movshovitz further teaches wherein the first server further comprises:  25a storage device configured to store the plurality of log files ([Col 8, 37-38]: application state is recorded in application state database 618, the web application server response may be forwarded to web client 602 that made the original request (i.e. record is stored on storage of first server fig. 6(606))).  

Regarding Claims 10 and 15, they do not teach or further define over 1. Therefore, claims 10 and 15 are rejected for the same reason as set forth above in 1.

Claims 2-3, 11 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Movshovitz in view of Tennie further in view of Satish (US 8,205,239 B1).

Regarding claim 2, Movshovitz in view of Tennie teaches the system of claim 1.
Movshovitz in view of Tennie however does not teach wherein the plurality of custom parameters is configured to determine a plurality of data fields and a plurality of types of data values included in each log file.
Satish teaches wherein the plurality of custom parameters is configured to determine a plurality of data fields (fig. 6 and [Col 8, 30-34]: for each of USER(1) through USER(n) information related to site addresses is recorded, a number of times the user has attempted to access a site address is recorded, and a reputation for the site is recorded (i.e. custom parameter ‘site address’, ‘count’, site reputation’ records data fields)) and a plurality of types of data values included in each log file ([Col 8, 30-34]: for each of USER(1) through USER(n) information related to site addresses is recorded, a number of times the user has attempted to access a site address is recorded, and a reputation for the site is recorded (i.e. the custom parameter determines types of data values in table, for example – the parameter ‘counts’ determines data value is number of times user requested to access the site address)).  
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Movshovitz in view of Tennie to incorporate the teachings of Satish and the plurality of custom parameters is configured to determine a plurality of data fields and a plurality of types of data values included in each log file. One of ordinary skilled in the art would have been motivated to combine the teachings in order to determine a security policy to apply in future (Satish, [Col 8, 36-37]).

20 	Regarding claim 3, Movshovitz in view of Tennie and Satish teaches the system of claim 2.
Movshovitz further teaches wherein each log file of the plurality of log files comprises at least one of: a user identifier, an application identifier, a device identifier, a browser identifier ([Col 9, 61-67]: At block 702 where the web crawler makes a HTTP REQUEST using the supplied URL. Processing flows next to block 704, where, before the request is forwarded to the target web application the application model may record the complete HTTP request, including, but not limited to, the URI, query path, query values, cookies, meta data, and the like (i.e. URI is the application identifier recorded)), and a time stamp.  

Regarding Claims 11 and 16, they do not teach or further define over 2. Therefore, claims 11 and 16 are rejected for the same reason as set forth above in 2.

Claim 5-6, 12 and 17-18 are rejected under 35 U.S.C. 103 as being unpatentable over Movshovitz in view of Tennie further in view of Walsh et al. (US 2012/0179787 A1, hereinafter Walsh).

Regarding claim 5, Movshovitz in view of Tennie teaches the system of claim 1.
	Movshovitz in view of Tennie however does not teach wherein the one or more processors of the first server are further configured to modify a request received from the client device based on a plurality of rules identified based, at least in part, on the request.
	Walsh teaches wherein the one or more processors of the first server (fig. 2(205)) are further configured to modify a request received from the client device based on a plurality of rules identified based, at least in part, on the request ([22, 24]: a user requests content using one or more proxy servers such as server 205. The proxy server may determine whether the user has restricted or unrestricted access to external network content (i.e. determine based on predefined rule if user is allowed to access content). If the proxy server determines that the user's access to the requested content is restricted (e.g., not permitted to receive the content), the proxy server may modify the request to replace a user and/or device identifier associated with the content request with another identifier in step 310. The replacement identifier is used to achieve unfettered or unrestricted access to the requested content and/or to the external network in general (i.e. modify the user identifier in the request).  
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Movshovitz in view of Tennie to incorporate the teachings of Walsh and modify client request based on rules. One of ordinary skilled in the art would have been motivated to combine the teachings in order for unrestricted access to the requested content (Walsh, [24]).

Regarding claim 6, Movshovitz in view of Tennie and Walsh teaches the system of claim 5.
	Movshovitz in view of Tennie however does not teach wherein the modifying of the request comprises masking one or more data values included in the request.
	Walsh teaches wherein the modifying of the request comprises masking one or more data values included in the request ([22]: to bypass the traditional user based filters of the proxy server B 207, proxy server B 207 may mask the user's identity using credentials that would allow and provide unfettered network access when passed to and/or requested from proxy server A 205. One type of masking may include using an unrestricted-access username, device name or other identifier rather than the actual requesting user or device's identifier (i.e. masking the user identifier in the request))  
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Movshovitz in view of Tennie and Walsh to further incorporate the teachings of Walsh and modifying request includes masking data values in the request. One of ordinary skilled in the art would have been motivated to combine the teachings in order for unrestricted access to the requested content (Walsh, [24]).

Regarding Claims 12 and 17-18, they do not teach or further define over claims 5 and 5-6 respectively. Therefore, claim 12 and 17-18 are rejected for the same reason as set forth above in claims 5 and 5-6 respectively.

Claim 7-8, 13-14, and 19-20 are rejected under 35 U.S.C. 103 as being unpatentable over Movshovitz in view of Tennie further in view of Chen (US 2020/0304853 A1).

Regarding claim 7, Movshovitz in view of Tennie teaches the system of claim 1.
Movshovitz in view of Tennie however does not teach wherein the one or more processors of the first server are 5further configured to implement multifactor authentication for the client device based on a plurality of rules identified based, at least in part, on a request received from the client device.
	Chen teaches wherein the one or more processors of the first server (Fig. 1(130)) are 5further configured to implement multifactor authentication for the client device based on a plurality of rules identified based, at least in part, on a request received from the client device ([60]: the client terminal generates a login request based on the Q.sub.Q.RTM. account and the password input by the player and sends the login request to the login server. The login server sends a login success message to the client terminal when it is determined that the QQx account and the password pass the verification (i.e. implement authentication of client device). [70]: instead of merely evaluating the service-serving request of the user based on predefined inflexible defense rules, the security gateway may evaluate the received service-serving request based on the IP address of the user sent by the authentication server, thereby improving the accuracy of the service-serving request evaluation (i.e. client request is evaluated based on defense rules and IP address)) 
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Movshovitz in view of Tennie to incorporate the teachings of Chen and first server implement multifactor authentication for client request. One of ordinary skilled in the art would have been motivated to combine the teachings in order to authenticate user for anti-attack method (Walsh, [24]).

Regarding claim 8, Movshovitz in view of Tennie teaches the system of claim 1.
	Movshovitz in view of Tennie however does not teach wherein the one or more processors of the first server are 10further configured to generate a notification based on a plurality of rules identified based, at least in part, on a request received from the client device.	
	Chen teaches wherein the one or more processors of the first server are 10further configured to generate a notification based on a plurality of rules identified based, at least in part, on a request received from the client device ([61]: the login server sends a login success message to the client terminal when it is determined that the QQx account and the password pass the verification (i.e. send notification for client request). [65]: the authentication server verifies the login success message, and sends an access authentication request to the security gateway of the service server after the verification is successful). 
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Movshovitz in view of Tennie to incorporate the teachings of Chen and first server generate notification based on rules for client request. One of ordinary skilled in the art would have been motivated to combine the teachings in order to authenticate user for anti-attack method (Walsh, [24]).
 
Regarding Claims 13-14 and 19-20, they do not teach or further define over claims 7-8 respectively. Therefore, claim 13-14 and 19-20 are rejected for the same reason as set forth above in claims 7-8 respectively.

Claim 9 is rejected under 35 U.S.C. 103 as being unpatentable over Movshovitz in view of Tennie further in view of Mattsson et al. (US 2014/0090085 A1, hereinafter Mattsson).

Regarding claim 9, Movshovitz in view of Tennie teaches the system of claim 1.
Movshovitz in view of Tennie however does not teach wherein the one or more processors of the first server are further configured to execute a query on the plurality of log files and generate a result 15object based on the query. 
	Mattsson teaches wherein the one or more processors of the first server are further configured to execute a query on the plurality of log files and generate a result 15object based on the query ([47-48]: The database access system queries 315 an authorization table based on the user credentials.  The authorization table stores one or more data categories, each data category associated with one or more users. The database access system identifies 330, from the base table, a plurality of candidate data entries identified by the data request.  The database access system generates 335 a result set including result data entries from the plurality of candidate data entries (i.e. query table and generate result)).
 Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Movshovitz in view of Tennie to incorporate the teachings of Mattsson and first server executes a query on log files and generate result object. One of ordinary skilled in the art would have been motivated to combine the teachings in order for database access control (Mattsson, [46]).

Additional References
4.	The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
a. Grey et al., US 2015/0128124 A1: DYNAMICALLY OPTIMIZED CONTENT DISPLAY – See fig. 1, 4.
b. Rehak et al., US 2018/0219890 A1: IDENTIFYING A SECURITY THREAT TO A WEB-BASED RESOURCE – See fig. 1, 6 and [24, 109]

Conclusion
5.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to SUJANA KHAKURAL whose telephone number is (571)272-3704.  The examiner can normally be reached on M-F: 7:30AM - 5:30PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kamal B Divecha can be reached on 571-272-5863.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/SUJANA KHAKURAL/Examiner, Art Unit 2453                                                                                                                                                                                                        

/Hitesh Patel/Primary Examiner, Art Unit 2419                                                                                                                                                                                                        
10/31/22