DETAILED ACTION
This office action is in response to the original application filed on December 08, 2023.
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claims 1-20 are pending.
Claim Objections
Claim 7 objected to because of the following informalities: claim 17 recite the term “… processor-executable instruction that cause the at least one processor to select the selected request comprise” twice. Appropriate correction is required.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Simpkins (US Pub. No. 2010/0235901) in view of Ogrinz (US Pub. No. 2022/0006786).
As per claim 1 Simpkins discloses:
A computer-implemented method comprising: relaying, via a proxy server in communication with client devices and service servers, a plurality of requests originating from the client devices to the service servers, each request of the plurality of requests addressing a corresponding endpoint at the service servers; (paragraph 24 of Simpkins, the client system 105 may access resources (e.g., a shared network file system) by sending CIFS requests to the proxy, which, in turn, forwards the requests to an actual CIFS file server (e.g., one of servers 140.sub.1-3)).
For an [address group] of the plurality of [address groups], performing a security test. (Paragraph 15 of Simpkins, the CIFS proxy then sends the modified authentication request to a first server that the CIFS proxy will access on behalf of the client. When the first CIFS server sends a reply to the CIFS proxy, the CIFS proxy modifies the response to that it appears to have been sent directly by the first CIFS proxy) and (paragraph 17 of Simpkins, the CIFS proxy then sends the modified CIFS authentication request to a second CIFS server that the proxy will access on behalf of the client. As with the first CIFS server, when the second CIFS server sends a reply to the CIFS proxy, the CIFS proxy modifies the response so that it appears to have originated from the CIFS proxy).
Simpkins teaches the method of mapping resources in order to define what resources may be accessed by the client using the proxy system (see paragraph 23 of Simpkins) but fails to clearly disclose:
Grouping, by the proxy server, the plurality of requests into a plurality of address groups based on the corresponding endpoint included in each request.
However, in the same field of endeavor, Ogrinz teaches this limitation as, (paragraph 35 of Ogrinz, the first HTTP request and the second HTTP request may be the most-recent and the latest-most requests, respectively, that were fired by the proxy server in a sequentially-generated group of HTTP requests, each request including the API identifier and the group including the maximum number of calls).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Simpkins and include the above limitation using the teaching of Ogrinz in order to group the request and identify/see where the most incoming request comes from and going to using API identifier (see paragraphs 35 and 163 of Ogrinz).
Claims 12 and 20 are rejected under the same reason set forth in rejection of claim 1.
As per claim 2 Simpkins in view of Ogrinz discloses:
The method of claim 1, wherein performing the security test includes: selecting, with the proxy server, a selected request from the address group, wherein the selected request includes a selected endpoint at the service servers and a selected authentication element; modifying, with the proxy server, the selected authentication element to generate a test request including the selected endpoint and a test authentication element; and transmitting, with the proxy server, the test request to the selected endpoint. (Paragraph 15 of Simpkins, the CIFS proxy then sends the modified authentication request to a first server that the CIFS proxy will access on behalf of the client. When the first CIFS server sends a reply to the CIFS proxy, the CIFS proxy modifies the response to that it appears to have been sent directly by the first CIFS proxy) and (paragraph 17 of Simpkins, the CIFS proxy then sends the modified CIFS authentication request to a second CIFS server that the proxy will access on behalf of the client. As with the first CIFS server, when the second CIFS server sends a reply to the CIFS proxy, the CIFS proxy modifies the response so that it appears to have originated from the CIFS proxy).
Claim 13 is rejected under the same reason set forth in rejection of claim 2.
As per claim 3 Simpkins in view of Ogrinz discloses:
The method of claim 1, further comprising storing, by the proxy server, the plurality of requests to maintain a directory of endpoints at the service servers. (Paragraph 34 of Simpkins, the CIFS proxy system 120 has established an authenticated session with the CIFS server A 140.sub.1, and may broker requests for access to resources on this CIFS serve).
Claim 14 is rejected under the same reason set forth in rejection of claim 2.
As per claim 4:
Simpkins teaches the method of mapping resources in order to define what resources may be accessed by the client using the proxy system (see paragraph 23 of Simpkins) but fails to clearly disclose:
The method of claim 1, wherein grouping the plurality of requests comprises grouping requests of the plurality of requests which have a same endpoint except for an identifier in that same endpoint together into an address group of the plurality of address groups.
However, in the same field of endeavor, Ogrinz teaches this limitation as, (paragraph 35 of Ogrinz, the first HTTP request and the second HTTP request may be the most-recent and the latest-most requests, respectively, that were fired by the proxy server in a sequentially-generated group of HTTP requests, each request including the API identifier and the group including the maximum number of calls).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Simpkins and include the above limitation using the teaching of Ogrinz in order to group the request and identify/see where the most incoming request comes from and going to using API identifier (see paragraphs 35 and 163 of Ogrinz).
Claim 15 is rejected under the same reason set forth in rejection of claim 4.
As per claim 5:
Simpkins teaches the method of mapping resources in order to define what resources may be accessed by the client using the proxy system (see paragraph 23 of Simpkins) but fails to clearly disclose:
The method of claim 4, wherein identifiers in endpoints in a same address group of the plurality of address groups vary within an identifier match standard.
However, in the same field of endeavor, Ogrinz teaches this limitation as, (paragraph 35 of Ogrinz, the first HTTP request and the second HTTP request may be the most-recent and the latest-most requests, respectively, that were fired by the proxy server in a sequentially-generated group of HTTP requests, each request including the API identifier and the group including the maximum number of calls).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Simpkins and include the above limitation using the teaching of Ogrinz in order to group the request and identify/see where the most incoming request comes from and going to using API identifier (see paragraphs 35 and 163 of Ogrinz).
Claim 16 is rejected under the same reason set forth in rejection of claim 5.
As per claim 6:
Simpkins teaches the method of mapping resources in order to define what resources may be accessed by the client using the proxy system (see paragraph 23 of Simpkins) but fails to clearly disclose:
The method of claim 4, wherein the identifier in the same endpoint comprises at least one of a resource identifier, a user identifier, an email identifier or an alphanumeric identifier..
However, in the same field of endeavor, Ogrinz teaches this limitation as, (paragraph 35 of Ogrinz, the first HTTP request and the second HTTP request may be the most-recent and the latest-most requests, respectively, that were fired by the proxy server in a sequentially-generated group of HTTP requests, each request including the API identifier and the group including the maximum number of calls).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Simpkins and include the above limitation using the teaching of Ogrinz in order to group the request and identify/see where the most incoming request comes from and going to using API identifier (see paragraphs 35 and 163 of Ogrinz).
As per claim 7 Simpkins in view of Ogrinz discloses:
The method of claim 2, wherein the selected request is selected from the address group randomly or is selected from the address group based on at least one characteristic associated with of the selected request. (Paragraph 29 of Simpkins, assume that the client has established a connection to map a network drive on the network server. In some cases, however, the actual files for that network drive may be spread across multiple backend server systems. Thus, in such cases, the proxy needs to establish a session with each independent system from which resources may be required).
Claim 17 is rejected under the same reason set forth in rejection of claim 7.
As per claim 8 Simpkins in view of Ogrinz discloses:
The method of claim 2, wherein: selecting the selected request from the address group comprises selecting a plurality of selected requests from the address group, and modifying the selected authentication element of the selected request to generate the test request comprises modifying corresponding authentication elements in each selected request of the plurality of selected requests to generate a plurality of test requests. (Paragraph 15 of Simpkins, the CIFS proxy receives an initial authentication request from a CIFS client. In response, the CIFS proxy modifies the request to appear as though it originated from the CIFS proxy. The CIFS proxy then sends the modified authentication request to a first server that the CIFS proxy will access on behalf of the client).
As per claim 9 Simpkins in view of Ogrinz discloses:
The method of claim 2, further comprising: receiving, at the proxy server, a test response from the selected endpoint in response to the test request; and comparing, by the proxy server, the test response to an actual response received from the selected endpoint in response to the selected request to determine security of the selected endpoint. (Paragraph 18 of Simpkins, the CIFS proxy has an authenticated connection to the second CIFS server and can send CIFS request to the second server on behalf of the client. The process described to authenticate the second server may be repeated to allow the proxy to establish an authenticated session to any additional CIFS servers that the proxy desires to access on behalf of the client).
Claim 18 rejected under the same reason set forth in rejection of claim 9.
As per claim 10 Simpkins in view of Ogrinz discloses:
The method of claim 2, further comprising: receiving, at the proxy server, a test response from the selected endpoint in response to the test request; and assessing, by the proxy server, the test response for personal information to determine security of the selected endpoint. (Paragraph 33 of Simpkins, the modified request 305' being forwarded to the CIFS server A 140.sub.1. In response, the CIFS server A 140.sub.1 sends a response 310 back to the CIFS proxy system 120).
As per claim 11 Simpkins in view of Ogrinz discloses:
The method of claim 10, wherein the security of the selected endpoint is extrapolated as security of a plurality of endpoints within the address group or as security of the address group. (Paragraph 28 of Simpkins, CIFS proxy system 120 has an authenticated session between itself and the network server and may respond to requests for access to resources on that server submitted by the client system).
Claim 19 is rejected under the same reason set forth in rejection of claim 11.
Conclusion
The prior art made or record and not relied upon is considered pertinent to applicant’s disclosure is Islam (US 2014/0223537). Islam’s reference discloses:
A method for securing communication over a network is disclosed. A trust broker system receives a request to connect to applications and resources from a client system. The trust broker system determines whether the client system is authorized to connect to the requested applications and resources. In response to determining the client system has authorization to connect to the requested applications and resources, the trust broker system determines, from a plurality of potential proxy servers, a proxy server associated with the requested server system and transmits an identification value for the client system to the requested server system. The trust broker system then transmits the identification value to the client system and transmits contact information for the determined proxy server to the client system, wherein all communication between the client system and the requested server system passes through the proxy server.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to TESHOME HAILU whose telephone number is (571)270-3159. The examiner can normally be reached M-F 8 a.m. - 5 p.m..
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ali Shayanfar can be reached at (571) 270-1050. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/TESHOME HAILU/Primary Examiner, Art Unit 2434