DETAILED ACTION
1.	This office action is in response to the communication filed on 02/12/2021.
2.	Claims 1-20 are pending.

Notice of Pre-AIA or AIA Status
3.	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

4.	In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

Claim Objections
5.	Claim(s) 19-20 is/are objected to because of the following informalities:  
In light of the preamble (e.g. “The method of …”), the claim(s) should depend on claim 18. For the initial examination purpose, the examiner interprets the claims as “The method of claim 18 …”.
Appropriate correction(s) is/are required.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


6.	Claim(s) 10-17 is/are rejected under 35 U.S.C. 101 because the claimed inventions are directed to non-statutory subject matter.  
The claimed invention is directed to non-statutory subject matter.  The claim(s) does/do not fall within at least one of the four categories of patent eligible subject matter because the claim(s) is/are directed to a system, and the claimed element(s) (e.g., load balancer, proxies, and/or authorization cells) is/are non-statutory subject matter. In light of the specification (e.g., [0033] … a computing device 10 that … load balancers, proxies, or authorization cells can be executed on), the claimed element(s) is/are software executed on computing device(s). Therefore, the claim(s) as a whole permits non-statutory embodiment, i.e. software per se.  
If the written specification supports, amending the claim(s) to comprise one or more of a hardware device or memory would overcome the rejection.
Appropriate correction is required.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


7.	Claim(s) 1-7, 10-15 and 18-20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Geppert (US 2009/0150320 A1) in view of Armes et al. (US 20080072226 A1, hereafter Armes).
Regarding claim(s) 1:
Geppert discloses a computer-implemented method comprising: 
a proxy receiving an authorization message from a [load balancer]; the proxy selecting an authorization cell from a plurality of authorization cells designated for the proxy in response to receiving the authorization message; the proxy sending a second authorization message to the selected authorization cell; the proxy receiving a response message from the selected authorization cell, wherein the response message corresponds to the second authorization message (see fig. 1 and paras. 30, 32-33 where an authentication platform is a system comprising software to provide authentication service, wherein the authentication platform’s decision engine (i.e. proxy) receives a request (i.e. authorization message) for authentication from an entity system, wherein the decision engine determines an authentication module (i.e. authorization cell) from a plurality of authentication modules in response to receiving the request, provides authentication information (i.e. second authorization message includes authentication information) to the determined authentication module for authenticating a user, and receives a return/response (i.e. response message) from the determined authentication module); and 
the proxy sending a second response message to the [load balancer] in response to receiving the response message (see fig. 1 and para. 34 where the decision engine sends a response (i.e. second response message) to the entity system in response to receiving the return/response from the authentication module).
Geppert does not, but Armes discloses:
load balancer (see Armes, fig. 1 and paras. 42, 45-46, 70, where an application server (i.e. application server or application server’s software as a proxy), which provides authorization service, receives a transaction that requires authorization (i.e. authorization message includes a transaction) from a load balancer, and sends a response (i.e. second response message) including a message indicating an authorization to the load balancer. Notes: see paras. 96, 98 where a server comprises programs/software executed to implement above method).
It would have been obvious to one having ordinary skill in the art to which the claimed invention pertains, before the effective filing date of the claimed invention, to modify Geppert's invention by enhancing it for load balancer, as taught by Armes, in order to balance workload between application servers that provide the authorization services (Armes, paras. 38-39).

Regarding claim(s) 2:
Geppert discloses:  
wherein the proxy modifies the received authorization message to form the second authorization message (see fig. 1 and para. 33 where the decision engine receives a request (i.e. authorization message) for authentication from the entity system; see figs. 2-3 and para. 49 where the decision engine re-formats the request and authentication information into a form understandable by the determined authentication module and forwards the request to the determined authentication module).

Regarding claim(s) 3:
Geppert discloses:
wherein the received authorization message fails to satisfy at least one requirement of the selected authorization cell and wherein the proxy modifies the received authorization message so that the second authorization message satisfies all requirements of the selected authorization cell (see fig. 1 and para. 33 where the decision engine receives a request (i.e. authorization message) for authentication from the entity system; see figs. 2-3 and para. 49 where the decision engine re-formats the request and authentication information into a form understandable by the determined authentication module based on a rule engine, and forwards the request to the determined authentication module. In other words, the request received from the entity system fails to satisfy the format required by the determined authentication module, wherein the decision engine re-formats the request into the format required by the determined authentication module).

Regarding claim(s) 4:
Geppert discloses:
the proxy examining the authorization message to identify a client that sent the authorization message and selecting the authorization cell based on the identified client (see fig. 1 and para. 33 where the decision engine receives a request (i.e. authorization message) for authenticating a user from the entity system; see figs. 2-3 and paras. 50-51 where the decision engine requests additional information (e.g. a voice print, one-time password, etc.) from the user, and determines an authentication module used for the authentication. In other words, the decision engine examines the received request to identify a user (i.e. client) for communicating a request for additional information, and selects an authentication module based on the identified user).

Regarding claim(s) 5:
Geppert discloses:
wherein the proxy selects the authorization cell based on the identified client by selecting one authorization cell from a plurality of authorization cells assigned to the identified client wherein the plurality of authorization cells assigned to the identified client is a subset of the plurality of authorization cells designated for the proxy (see figs. 1-3 and paras. 33, 50-51).

Regarding claim(s) 6:
Geppert discloses:
wherein the proxy is prevented from sending authorization messages sent by other clients to the plurality of authorization cells assigned to the identified client (see figs. 1-3 and paras. 50-51 where the decision engine authenticates a plurality of users, determines an authentication module to use for authenticating a user based on rules and additional authentication information (e.g. a voice print, one-time password, etc.) received from a user (i.e. the decision engine is prevented from sending the requests sent by other users providing a different type of authentication information (e.g. voice print) to the authentication modules assigned to the user providing the other type of authentication information (i.e. one-time password))).

Regarding claim(s) 7:
Geppert discloses:
wherein the proxy verifies that the authorization message satisfies at least one requirement before sending the authorization message as the second authorization message (see fig. 1 and paras. 32-33, 44 where the decision engine receives a request (i.e. authorization message) for authenticating a user from the entity system, retrieves authentication information (i.e. passwords, voice prints, etc.) from the request (i.e. the request satisfies an authentication information requirement), and provides the authentication information to the determined authentication module).

Regarding claim(s) 10 and 18:
Geppert discloses a system comprising: 
a [load balancer] receiving authorization requests from a plurality of clients (see fig. 1 and paras. 26-27, 32 where an entity system comprising software to receive requests needed to be authenticated from a plurality of users); 
[a plurality of proxies, wherein for each authorization request, the load balancer selects one proxy of the plurality of proxies to send the authorization request to] (see fig. 1 and paras. 27, 32 where the entity system sends requests for authentication to a decision engine (i.e. proxy)); and 
a plurality of authorization cells, wherein for each authorization request received at a proxy, the proxy selects one authorization cell of the plurality of authorization cells to send an authorization message to (see fig. 1 and paras. 30, 32-33 where the decision engine determines an authentication module (i.e. authorization cell) from a plurality of authentication modules, provides authentication information (i.e. authorization message includes authentication information) to the determined authentication module for authenticating a user).
Geppert does not, but Armes discloses:
load balancer; and a plurality of proxies, wherein for each authorization request, the load balancer selects one proxy of the plurality of proxies to send the authorization request to (see Armes, fig. 1 and paras. 42-43, 45-46, 70, where a load balancer receives a plurality of transactions (i.e. authorization requests) requiring authorization from a plurality of clients, selects an application server from a plurality of application servers (i.e. application servers or application servers’ software as proxies), which provide authorization service, to send transaction(s) (i.e. authorization request includes transaction(s)) to. Notes: see paras. 96, 98 where a server comprises programs/software executed to implement above method).
It would have been obvious to one having ordinary skill in the art to which the claimed invention pertains, before the effective filing date of the claimed invention, to modify Geppert's invention by enhancing it for load balancer, and a plurality of proxies, wherein for each authorization request, the load balancer selects one proxy of the plurality of proxies to send the authorization request to, as taught by Armes, in order to balance workload between application servers that provide the authorization services (Armes, paras. 38-39).

Regarding claim(s) 11:
See the rejection to claim 3.

Regarding claim(s) 12:
See the rejection to claim 4.

Regarding claim(s) 13:
Geppert discloses:
wherein the proxy selects the one authorization cell from a subset of the plurality of authorization cells, wherein authorization messages from the client are limited to being sent to authorization cells in the subset (see figs. 1-3 and paras. 33, 50-51).

Regarding claim(s) 14:
See the rejection to claim 6.

Regarding claim(s) 15:
See the rejection to claim 7.

Regarding claim(s) 19:
Geppert discloses:  
wherein the proxy [of the plurality of proxies] is configured to modify the authorization request to form the authorization message (see fig. 1 and para. 33 where the decision engine receives a request (i.e. authorization message) for authentication from the entity system; see figs. 2-3 and para. 49 where the decision engine re-formats the request and authentication information into a form understandable by the determined authentication module and forwards the request to the determined authentication module).
Geppert does not, but Armes discloses:
the proxy of the plurality of proxies (see Armes, fig. 1 and para. 45 for an application server (i.e. application server or application server’s software as proxy) of a plurality of application servers that provides authorization).

Regarding claim(s) 20:
Geppert discloses:
wherein the proxy [of the plurality of proxies] identifies the authorization cell based in part on a client that sent the authorization request (see fig. 1 and para. 33 where the decision engine receives a request (i.e. authorization message) for authenticating a user from the entity system; see figs. 2-3 and paras. 50-51 where the decision engine requests additional information (e.g. a voice print, one-time password, etc.) from the user, and determines an authentication module used for the authentication. In other words, the decision engine examines the received request to identify a user (i.e. client) for communicating a request for additional information, and selects an authentication module based on the identified user).
Geppert does not, but Armes discloses:
the proxy of the plurality of proxies (see Armes, fig. 1 and para. 45 for an application server (i.e. application server or application server’s software as proxy) of a plurality of application servers that provides authorization).

8.	Claim(s) 8 and 16 is/are rejected under 35 U.S.C. 103 as being unpatentable over Geppert, Armes, and further in view of Bhasin et al. (US 2022/0141180 A1, hereafter Bhasin).
Regarding claim(s) 8 and 16:
Geppert discloses:
the proxy [logging when] the second authorization message is sent to the selected authorization cell and [when] the response message is received from the authorization cell (see fig. 1 and paras. 32-33 where the decision engine (i.e. proxy) provides authentication information (i.e. second authorization message includes authentication information) to the determined authentication module for authenticating a user, and receives a return/response (i.e. response message) from the determined authentication module).
Geppert does not, but Bhasin discloses:
logging when the second authorization message is sent and when the response message is received (see Bhasin, para. 50, where an authorization request message (i.e. second authorization message) includes a timestamp; see para. 23 where an authorization response includes a timestamp).
It would have been obvious to one having ordinary skill in the art to which the claimed invention pertains, before the effective filing date of the claimed invention, to modify Geppert-Armes's invention by enhancing it for logging when the second authorization message is sent and when the response message is received, as taught by Bhasin, in order to process a transaction with conditional authorization (Bhasin, abstract).

9.	Claim(s) 9 is/are rejected under 35 U.S.C. 103 as being unpatentable over Geppert, Armes, and further in view of Ogata (US 2009/0210925 A1).
Regarding claim(s) 9:
Geppert discloses:
the proxy [monitoring the health of] each of the plurality of authorization cells (see fig. 1 and paras. 32-33 where the decision engine (i.e. proxy) determines an authentication module (i.e. authorization cell) from a plurality of authentication modules to be used for authentication).
Geppert does not, but Ogata discloses:
monitoring the health of each of the plurality of authorization cells (see Ogata, para. 41, where an authentication control unit (i.e. proxy) selects an authentication module of a plurality of authentication modules used for authentication; see paras. 44, 61, where the authentication control unit manages module status information to monitor the statuses, e.g. active, inactive, available, not available (i.e. health), of the authentication modules).
It would have been obvious to one having ordinary skill in the art to which the claimed invention pertains, before the effective filing date of the claimed invention, to modify Geppert-Armes's invention by enhancing it for monitoring the health of each of the plurality of authorization cells, as taught by Bhasin, in order to determine the status of an authentication module to be used for authentication (Bhasin, paras. 41, 44).

10.	Claim(s) 17 is/are rejected under 35 U.S.C. 103 as being unpatentable over Geppert, Armes, and further in view of Mohan et al. (US 2021/0282016 A1, hereafter Mohan).
Regarding claim(s) 17:
Geppert discloses:
wherein the proxy [determines whether the client is rate limited and only] sends an authorization message to an authorization cell [when the client is not rate limited] (see fig. 1 and paras. 32-33 where the decision engine determines an authentication module (i.e. authorization cell), provides authentication information (i.e. second authorization message includes authentication information) to the determined authentication module for authenticating).
Geppert does not, but Mohan discloses:
determines whether the client is rate limited and only proceed authorization message when the client is not rate limited (see Mohan, paras. 58-59, where the number or frequency of authentication requests from a user/client is determined to be associated with an attack (e.g. a flooding of authentication requests); see paras. 41, 63 where an authentication request associated with an attack is discarded (e.g. without proceeding to an authentication step)).
It would have been obvious to one having ordinary skill in the art to which the claimed invention pertains, before the effective filing date of the claimed invention, to modify Geppert-Armes's invention by enhancing it for determining whether the client is rate limited and only proceed authorization message when the client is not rate limited, as taught by Mohan, in order to discard an authentication request associated with an attack (Mohan, para. 63).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:
DOUGLAS et al. (US 2016/0078430 A1), SYSTEM AND METHOD FOR DIGITAL AUTHENTICATION.
HALLENBORG (US 2017/0230351 A1), METHOD AND SYSTEM FOR AUTHENTICATING A USER.
Kim et al. (US 2008/0046719 A1), Access Point And Method For Supporting Multiple Authentication Policies.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HUAN V. DOAN whose telephone number is 571-272-3809. The examiner can normally be reached on Monday – Thursday, 9:00am – 5:00pm EST.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, PHILIP CHEA, can be reached on 571-272-3951.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/HUAN V DOAN/Primary Examiner, Art Unit 2499