DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 2/9/2026 has been entered.
Per the Amendment, claims 1, 14 and 22 are amended; claims 1, 14 and 22 are the independent claims. Claims 1-8 and 14-25 have been examined and are pending. This Action is made Non-Final.
Response to Arguments
Applicant's arguments filed 1/7/2026 have been fully considered but they are not persuasive and/or moot in view of new grounds of rejection.
Applicant Argues: Nevertheless, in the interest of advancing procedure, Claim 1 has been amended to specify the "domain name information" as "being generated based on domain name information of the IAM system and domain name information of the target application, and the domain name information of the IAM system is located before or after the domain name information of the target application for implementing cross-domain.”
Examiner’s Response: The examiner respectfully notes this argument is moot in view of new grounds of rejection.
Applicant Argues: The Office Action asserts, on page 4, that the proxy domain name information/domain name information of the IAM system and domain name information of the target application is construed as follows: the second request is based on company identifier 550 and user identifier 530 (i.e., domain name information of the IAM system) and Salesforce.com (i.e., domain name information of the target application). ... The Office Action notes this is reasonable inspiration for "rewriting of the domain name information." However, Applicant respectfully disagrees with this assertion.
[...] However, Chen is silent about "rewriting of domain name information."
Moreover, the so-called "redirect/redirection" of Chen points to the original domain name of the cloud service, meaning that the domain name remains unchanged during the entire process.
Thus, Chen does not provide any teaching on "rewriting of domain name information." While the technical problem sought to be solved by the subject matter of amended Claim 1 is that "due to security restrictions of browser, some information systems do not support cross domain submission of forms by the JavaScript script (that is, sending the account and password information obtained from the IAM system to the information system). In this case, automatic login to the information system cannot be achieved." See e.g., specification para. [0004] of the present application.
To address this technical problem mentioned above, the solution provided by amended Claim 1 includes at least operations of “rewriting by the IAM system, the first access request to obtain a second access request comprising proxy domain name information, wherein the proxy domain name information is generated based on domain name information of the IAM system and domain name information of the target application, and the domain name information of the IAM system is located before or after the domain name information of the target application for implementing cross-domain” and “obtaining, by a proxy server, the second access request generated by the IAM system, and parsing the proxy domain name information of the second access request to determine the domain name information of the target application.” (i.e., the above distinguishing features (1) and (2)), so that the cross-domain can be achieved.
Examiner’s Response: The examiner respectfully disagrees. One cannot show nonobviousness by attacking references individually where the rejections are based on combinations of references. The examiner respectfully notes that Chen does in fact disclose “rewriting.” As described in Chen, col. 7, lines 18-39, col. 8, lines 36-48 and col. 8, lines 51-57, the Proxy Gateway intercepts the Login form and uses a combination of the company identifier and user identifier (i.e., either or both can be noted as domain name information of the IAM system) to locate the subsequent login authentication information; based on this sequence, the IAM fills in (see step 412 of FIG. 4) the login form, which contains the company identifier and user identifier (i.e., either or both can be noted as domain name information of the IAM system), and the filled-in form thus represents a second access request. Filling in the form constitutes rewriting. The examiner found it sound to combine Wrenbeck, which teaches [generating], by the IAM system, [based on] the first access request to obtain a second access request comprising proxy domain name information, wherein the proxy domain name information is generated based on domain name information of the IAM system and domain name information of the target application, and the domain name information of the IAM system is located before or after the domain name information of the target application for implementing cross-domain ([0036]-[0037] - Initially (step 3.0), the request contains no authentication token, so the user's browser is redirected to a login page where the user can provide credential information (e.g., through input fields on the login page) (step 3.3)... Once verified, the cloud (e.g., cloud-based IAM platform 130 shown in FIG. 1) generates an authentication token and starts a global session and [0049]-[0052] – Table 1 - “iss”: “https://opentext.com/iam”, “aud”: “https://opentext.com/iam/S-CLOUDIAM-DEV” and Table 2 - aud Identifies the tenant to whom this token is intended (i.e., domain name information of the target application) and Iss Identifies the issuer (i.e., IAM)). Thus, the access request (i.e., the login page with no authentication token) is rewritten to include the login token, and includes the issuer (i.e., the IAM) and further the tenant for whom the token is intended (i.e., S-CloudIAM-DEV). Cross-domain operation is thus achieved, as Wrenbeck, [0010], states that the IAM ETS can enforce enterprise policies where a user session spans multiple zones. Such generation based on the first access request can be incorporated into the rewriting of Chen. Therefore, the examiner finds this argument not persuasive and/or moot in view of new grounds of rejection.
Further, Chen discloses obtaining, by a proxy server, the second access request generated by the IAM system, and parsing the proxy domain name information of the second access request to determine the domain name information of the target application (FIG. 4 and FIG. 5A-5B and col. 7, lines 18-39 and col. 8, lines 36-48 - In step 412 the IAM service retrieves from its database 212 the user's identifier and password for the cloud service Salesforce as it normally would, although in this situation the retrieved identifier and password had been replaced with random characters or had been replaced with an encrypted identifier and password in accordance with step 324. The IAM service then fills in the login form for the selected cloud service with the unusable identifier and password and then redirects the user's browser to the actual cloud service, in this case, “Salesforce.com.” Because of the redirection, this Web traffic now passes through the user's browser enabling the proxy gateway to intercept this Web traffic and col. 8, line 51-57 - Accordingly, in step 416 the proxy gateway service intercepts this login form and replaces the identifier and password with the true identifier and password for the cloud service “Salesforce.com.” ). The examiner respectfully notes that, because the gateway intercepts the login form and replaces the identifier and password with the true identifier and password, the login form is parsed. The unusable identifier and password are mapped to the true identifier and password. As noted in the interpretation above, the domain name information is construed as the company identifier and user identifier, and it is used to parse and obtain the true domain name information when mapped to the true information. Therefore, the examiner finds this argument not persuasive and/or moot in view of new grounds of rejection.
Applicant Argues: As indicated in Chen, Chen only discusses login credentials replaced by the proxy gateway, but is silent about "login authentication information input by the user" recited in amended Claim 1.
Thus, Chen also fails to disclose or suggest the above distinguishing feature (3). In addition, Ott also fails to disclose or suggest the above distinguishing features (1) to (3).
Examiner’s Response: The examiner respectfully disagrees. Chen discloses in col. 9, lines 11-37 - Saved into a local database under control of an individual user, an enterprise, or the proxy gateway service is: the proxy gateway user identifier 510 (a unique identifier for each user who logs into use the proxy gateway service); a cloud service identifier 520 (a unique identifier for each cloud service that the IAM service supports); the true cloud service user identifier 530 (the actual identifier used by the user to login to the cloud service); the true cloud service user password 540 (the actual password used by the user to login to the cloud service). Thus, because the information is saved by the user and later used, it represents information input by the user under a reasonable construction. Therefore, the examiner finds this argument not persuasive.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1-4, 7-8, 14-17, and 20-25 are rejected under 35 U.S.C. 103 as being unpatentable over Chen et al. (US 10,454,921 B1) in view of Wrenbeck et al. (US 2022/0210145 A1) as evidenced by Provisional Application No. 63/132,340 filed on December 30, 2020.
Regarding Claim 1;
Chen discloses a method of application access control (Abstract), comprising:
receiving, by an Identity and Access Management, IAM, system, a first access request for accessing a target application managed by the IAM system (FIG. 4 and col. 8, lines 16-32 - FIG. 4 is a flow diagram describing one embodiment by which the user may access a cloud service using an IAM service. As mentioned above, typically a user will have already logged in to the proxy gateway service and will have provided their proxy gateway user identifier. In step 404 a user views the IAM portal 210 and logs into the IAM service using their IAM user identifier and password. Next, in step 408 the user is presented with a list or display of available cloud services such as is shown in window 110. Of course, there may be fewer cloud services or more, and window 130 would not be present. The user may be presented with all cloud services that the IAM service supports, or may only be presented with the cloud services that the user has previously registered with the IAM service. The user then selects a particular cloud service that they wish to use (for example, Salesforce 126) by clicking upon or otherwise selecting the cloud service from the display);
rewriting, by the IAM system, the first access request to obtain a second access request comprising proxy domain name information generated based on domain name information of the IAM system and domain name information of the target application (FIG. 4 – Proxy Gateway Intercepts Login Form [...] and FIG. 5A-5B and col. 7, lines 18-39 and col. 8, lines 36-48 - In step 412 the IAM service retrieves from its database 212 the user's identifier and password for the cloud service Salesforce as it normally would, although in this situation the retrieved identifier and password had been replaced with random characters or had been replaced with an encrypted identifier and password in accordance with step 324. The IAM service then fills in the login form for the selected cloud service with the unusable identifier and password and then redirects the user's browser to the actual cloud service, in this case, “Salesforce.com.” Because of the redirection, this Web traffic now passes through the user's browser enabling the proxy gateway to intercept this Web traffic and col. 8, line 51-57 - Depending upon which technique was used above in step 324 [...] and col. 9, lines 11-37 - Saved into a local database under control of an individual user, an enterprise, or the proxy gateway service is: the proxy gateway user identifier 510 (a unique identifier for each user who logs into use the proxy gateway service); a cloud service identifier 520 (a unique identifier for each cloud service that the IAM service supports); the true cloud service user identifier 530 (the actual identifier used by the user to login to the cloud service); the true cloud service user password 540 (the actual password used by the user to login to the cloud service); and, a company identifier 550 (a unique identifier for each enterprise that makes use of the proxy gateway service). Of course, variations are possible. For example, it is not strictly necessary that the true cloud service user identifier be replaced in the login form with random characters and that it be stored as 530 in the local database. It may only be necessary to replace the user's password with random characters and store the password as 540 in the local database or, a combination of the company identifier 550 and the user identifier 530 may be used to locate the record. And, while the record may be stored locally on an individual user's computer or within an enterprise, the proxy gateway service may also store records under its control.); As noted, the Proxy Gateway intercepts the Login form and uses a combination of the company identifier and user identifier (i.e., either or both can be noted as domain name information of the IAM system) to locate the subsequent login authentication information; based on this sequence, the IAM fills in (see step 412 of FIG. 4) the login form, which contains the company identifier and user identifier (i.e., either or both can be noted as domain name information of the IAM system), and the filled-in form thus represents a second access request.
obtaining, by a proxy server, the second access request generated by the IAM system, and parsing the proxy domain name information of the second access request to determine the domain name information of the target application (FIG. 4 and FIG. 5A-5B and col. 7, lines 18-39 and col. 8, lines 36-48 - In step 412 the IAM service retrieves from its database 212 the user's identifier and password for the cloud service Salesforce as it normally would, although in this situation the retrieved identifier and password had been replaced with random characters or had been replaced with an encrypted identifier and password in accordance with step 324. The IAM service then fills in the login form for the selected cloud service with the unusable identifier and password and then redirects the user's browser to the actual cloud service, in this case, “Salesforce.com.” Because of the redirection, this Web traffic now passes through the user's browser enabling the proxy gateway to intercept this Web traffic and col. 8, line 51-57 - Accordingly, in step 416 the proxy gateway service intercepts this login form and replaces the identifier and password with the true identifier and password for the cloud service “Salesforce.com.” );
in case of determining that login authentication information is required to log in to the target application, obtaining, by the proxy server from the IAM system, login account information of a user with the target application based on the domain name information of the target application (FIG. 4 and FIG. 5A-5B and col. 7, lines 18-39 and col. 8, lines 36-48 - In step 412 the IAM service retrieves from its database 212 the user's identifier and password for the cloud service Salesforce as it normally would, although in this situation the retrieved identifier and password had been replaced with random characters or had been replaced with an encrypted identifier and password in accordance with step 324. The IAM service then fills in the login form for the selected cloud service with the unusable identifier and password and then redirects the user's browser to the actual cloud service, in this case, “Salesforce.com.” Because of the redirection, this Web traffic now passes through the user's browser enabling the proxy gateway to intercept this Web traffic and col. 8, line 51-57 - Accordingly, in step 416 the proxy gateway service intercepts this login form and replaces the identifier and password with the true identifier and password for the cloud service “Salesforce.com.” Depending upon which technique was used above in step 324, the proxy gateway performs this replacement either by using the proxy gateway user identifier and cloud service identifier to find the true cloud service user identifier and password in local storage, or by using the proxy gateway user identifier to find the correct encryption key also in local storage, in order to decrypt the encrypted password in the login form. Once the true identifier and password for the cloud service have been placed into the login form, then in step 420 the redirection with the login form is allowed to continue to the actual cloud service. The cloud service then accepts the login form, authenticates the user, and provides the user access to the cloud service. At this point, what the user sees next (after selecting the cloud service from the IAM user portal in step 408) is the home page of the cloud service, “Salesforce.com,” with the user having been authenticated and col. 9, lines 11-37 - Saved into a local database under control of an individual user, an enterprise, or the proxy gateway service is: the proxy gateway user identifier 510 (a unique identifier for each user who logs into use the proxy gateway service); a cloud service identifier 520 (a unique identifier for each cloud service that the IAM service supports); the true cloud service user identifier 530 (the actual identifier used by the user to login to the cloud service); the true cloud service user password 540 (the actual password used by the user to login to the cloud service); and, a company identifier 550 (a unique identifier for each enterprise that makes use of the proxy gateway service). Of course, variations are possible. For example, it is not strictly necessary that the true cloud service user identifier be replaced in the login form with random characters and that it be stored as 530 in the local database. It may only be necessary to replace the user's password with random characters and store the password as 540 in the local database or, a combination of the company identifier 550 and the user identifier 530 may be used to locate the record. And, while the record may be stored locally on an individual user's computer or within an enterprise, the proxy gateway service may also store records under its control), and
obtaining login authentication information input by the user (FIG. 4 and FIG. 5A-5B and col. 7, lines 18-39 and col. 8, lines 36-48 and col. 8, line 51-57 and col. 9, lines 11-37 - Saved into a local database under control of an individual user, an enterprise, or the proxy gateway service is: the proxy gateway user identifier 510 (a unique identifier for each user who logs into use the proxy gateway service); a cloud service identifier 520 (a unique identifier for each cloud service that the IAM service supports); the true cloud service user identifier 530 (the actual identifier used by the user to login to the cloud service); the true cloud service user password 540 (the actual password used by the user to login to the cloud service); and, a company identifier 550 (a unique identifier for each enterprise that makes use of the proxy gateway service). Of course, variations are possible. For example, it is not strictly necessary that the true cloud service user identifier be replaced in the login form with random characters and that it be stored as 530 in the local database. It may only be necessary to replace the user's password with random characters and store the password as 540 in the local database or, a combination of the company identifier 550 and the user identifier 530 may be used to locate the record. And, while the record may be stored locally on an individual user's computer or within an enterprise, the proxy gateway service may also store records under its control); and
sending, by the proxy server, a login request to an application server corresponding to the target application based on the login account information and the login authentication information (FIG. 4 and FIG. 5A-5B and col. 7, lines 18-39 and col. 8, lines 36-48 - In step 412 the IAM service retrieves from its database 212 the user's identifier and password for the cloud service Salesforce as it normally would, although in this situation the retrieved identifier and password had been replaced with random characters or had been replaced with an encrypted identifier and password in accordance with step 324. The IAM service then fills in the login form for the selected cloud service with the unusable identifier and password and then redirects the user's browser to the actual cloud service, in this case, “Salesforce.com.” Because of the redirection, this Web traffic now passes through the user's browser enabling the proxy gateway to intercept this Web traffic and col. 8, line 51-57 - Accordingly, in step 416 the proxy gateway service intercepts this login form and replaces the identifier and password with the true identifier and password for the cloud service “Salesforce.com.” Depending upon which technique was used above in step 324, the proxy gateway performs this replacement either by using the proxy gateway user identifier and cloud service identifier to find the true cloud service user identifier and password in local storage, or by using the proxy gateway user identifier to find the correct encryption key also in local storage, in order to decrypt the encrypted password in the login form. Once the true identifier and password for the cloud service have been placed into the login form, then in step 420 the redirection with the login form is allowed to continue to the actual cloud service. The cloud service then accepts the login form, authenticates the user, and provides the user access to the cloud service. At this point, what the user sees next (after selecting the cloud service from the IAM user portal in step 408) is the home page of the cloud service, “Salesforce.com,” with the user having been authenticated and col. 9, lines 11-37).
Chen fails to explicitly disclose ..., by the IAM system, the first access request to obtain a second access request comprising proxy domain name information, wherein the proxy domain name information is generated based on domain name information of the IAM system and domain name information of the target application, and the domain name information of the IAM system is located before or after the domain name information of the target application for implementing cross-domain.
However, in an analogous art, Wrenbeck teaches [generating], by the IAM system, [based on] the first access request to obtain a second access request comprising proxy domain name information, wherein the proxy domain name information is generated based on domain name information of the IAM system and domain name information of the target application, and the domain name information of the IAM system is located before or after the domain name information of the target application for implementing cross-domain ([0010] - The IAM ETS can enforce enterprise policies where a user session across multiple zones and [0036]-[0037] - Initially (step 3.0), the request contains no authentication token, so the user's browser is redirected to a login page where the user can provide credential information (e.g., through input fields on the login page) (step 3.3)... Once verified, the cloud (e.g., cloud-based IAM platform 130 shown in FIG. 1) generates an authentication token and starts a global session and [0049]-[0052] – Table 1 - “iss”: “https://opentext.com/iam”, “aud”: “https://opentext.com/iam/S-CLOUDIAM-DEV” and Table 2 - aud Identifies the tenant to whom this token is intended (i.e., domain name information of the target application) and Iss Identifies the issuer (i.e., IAM)). Such limitations are evidenced by Provisional Application No. 63/132,340, see [0004], [0012]-[0013], and [0021]-[0022].
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Wrenbeck with the rewriting of Chen to include [generating], by the IAM system, [based on] the first access request to obtain a second access request comprising proxy domain name information, wherein the proxy domain name information is generated based on domain name information of the IAM system and domain name information of the target application, and the domain name information of the IAM system is located before or after the domain name information of the target application for implementing cross-domain.
One would have been motivated to combine the teachings of Wrenbeck with Chen because doing so achieves multi-zone single sign-on with a scalable, secure, efficient, and more centralized approach (Wrenbeck, [0008]).
Regarding Claim 2;
Chen in view of Wrenbeck disclose the method of Claim 1.
Chen further discloses wherein rewriting, by the IAM system, the first access request to obtain a second access request comprises: adding the domain name information of the IAM system into the first access request to obtain the second access request; or combining, by the IAM system according to a predetermined format, the domain name information of the IAM system with the domain name information of the target application carried in the first access request to obtain the second access request (FIG. 4 – Proxy Gateway Intercepts Login Form [...] and FIG. 5A-5B and col. 7, lines 18-39 and col. 8, lines 36-48 - In step 412 the IAM service retrieves from its database 212 the user's identifier and password for the cloud service Salesforce as it normally would, although in this situation the retrieved identifier and password had been replaced with random characters or had been replaced with an encrypted identifier and password in accordance with step 324. The IAM service then fills in the login form for the selected cloud service with the unusable identifier and password and then redirects the user's browser to the actual cloud service, in this case, “Salesforce.com.” Because of the redirection, this Web traffic now passes through the user's browser enabling the proxy gateway to intercept this Web traffic and col. 8, line 51-57 - Depending upon which technique was used above in step 324 [...] and col. 9, lines 11-37 - Saved into a local database under control of an individual user, an enterprise, or the proxy gateway service is: the proxy gateway user identifier 510 (a unique identifier for each user who logs into use the proxy gateway service); a cloud service identifier 520 (a unique identifier for each cloud service that the IAM service supports); the true cloud service user identifier 530 (the actual identifier used by the user to login to the cloud service); the true cloud service user password 540 (the actual password used by the user to login to the cloud service); and, a company identifier 550 (a unique identifier for each enterprise that makes use of the proxy gateway service). Of course, variations are possible. For example, it is not strictly necessary that the true cloud service user identifier be replaced in the login form with random characters and that it be stored as 530 in the local database. It may only be necessary to replace the user's password with random characters and store the password as 540 in the local database or, a combination of the company identifier 550 and the user identifier 530 may be used to locate the record. And, while the record may be stored locally on an individual user's computer or within an enterprise, the proxy gateway service may also store records under its control.); As noted, the Proxy Gateway intercepts the Login form and uses a combination of the company identifier and user identifier (i.e., either or both can be noted as domain name information of the IAM system) to locate the subsequent login authentication information; based on this sequence, the IAM fills in (see step 412 of FIG. 4) the login form, which contains the company identifier and user identifier (i.e., either or both can be noted as domain name information of the IAM system), and the filled-in form thus represents a second access request.
Regarding Claim 3;
Chen in view of Wrenbeck disclose the method of Claim 1.
Chen further discloses wherein rewriting, by the IAM system, the first access request to obtain a second access request comprises: rewriting, by the IAM system, the domain name information of the target application carried in the first access request, and encrypting the rewritten proxy domain name information to obtain the second access request carrying the encrypted proxy domain name information (col. 6, lines 38-49 – [...] https:// [...] and col. 8, lines 36-48); As noted, https:// indicates a form that is filled in (i.e., rewritten) and is encrypted; and the parsing the proxy domain name information of the second access request to determine the domain name information of the target application comprises: decrypting the encrypted proxy domain name information in the second access request to obtain the decrypted proxy domain name information (col. 5, lines 28-39 - In one embodiment, the proxy gateway uses a self-signed SSL certificate in order to intercept SSL traffic. In any case, because the proxy gateway can intercept all Web traffic from the user's computer, the proxy gateway is able to retain the actual identifiers and passwords for the user's cloud services under control of the user while only providing an IAM vendor with unusable identifiers and passwords. These actions above are possible because all user Web traffic is intercepted by the proxy gateway. For example, when the IAM service fills in a login form on behalf of the user, the filled form will go through the proxy gateway as well. col. 6, lines 38-49 – [...] https:// [...] and col. 8, lines 36-48); As noted, https:// indicates a form that is filled in (i.e., rewritten) and encrypted, and it would subsequently need to be decrypted (i.e., via the self-signed SSL certificate); and extracting the domain name information of the target application from the decrypted proxy domain name information (FIG. 4 – Proxy Gateway Intercepts Login Form [...] and FIG. 5A-5B and col. 7, lines 18-39 and col. 8, lines 36-48 - In step 412 the IAM service retrieves from its database 212 the user's identifier and password for the cloud service Salesforce as it normally would, although in this situation the retrieved identifier and password had been replaced with random characters or had been replaced with an encrypted identifier and password in accordance with step 324. The IAM service then fills in the login form for the selected cloud service with the unusable identifier and password and then redirects the user's browser to the actual cloud service, in this case, “Salesforce.com.” Because of the redirection, this Web traffic now passes through the user's browser enabling the proxy gateway to intercept this Web traffic and col. 8, line 51-57 - Depending upon which technique was used above in step 324 [...] and col. 9, lines 11-37 - Saved into a local database under control of an individual user, an enterprise, or the proxy gateway service is: the proxy gateway user identifier 510 (a unique identifier for each user who logs into use the proxy gateway service); a cloud service identifier 520 (a unique identifier for each cloud service that the IAM service supports); the true cloud service user identifier 530 (the actual identifier used by the user to login to the cloud service); the true cloud service user password 540 (the actual password used by the user to login to the cloud service); and, a company identifier 550 (a unique identifier for each enterprise that makes use of the proxy gateway service). Of course, variations are possible. For example, it is not strictly necessary that the true cloud service user identifier be replaced in the login form with random characters and that it be stored as 530 in the local database. It may only be necessary to replace the user's password with random characters and store the password as 540 in the local database or, a combination of the company identifier 550 and the user identifier 530 may be used to locate the record. And, while the record may be stored locally on an individual user's computer or within an enterprise, the proxy gateway service may also store records under its control.).
Regarding Claim 4;
Chen in view of Wrenbeck discloses the method to Claim 1.
Chen further discloses wherein the determining that login authentication information is required to log in to the target application comprises: determining that the login authentication information is required to log in to the target application based on registration management information stored in the IAM system for the target application (FIG. 2 and col. 9, lines 11-37 - Saved into a local database under control of an individual user, an enterprise, or the proxy gateway service is: the proxy gateway user identifier 510 (a unique identifier for each user who logs into use the proxy gateway service); a cloud service identifier 520 (a unique identifier for each cloud service that the IAM service supports); the true cloud service user identifier 530 (the actual identifier used by the user to login to the cloud service); the true cloud service user password 540 (the actual password used by the user to login to the cloud service); and, a company identifier 550 (a unique identifier for each enterprise that makes use of the proxy gateway service). Of course, variations are possible. For example, it is not strictly necessary that the true cloud service user identifier be replaced in the login form with random characters and that it be stored as 530 in the local database. It may only be necessary to replace the user's password with random characters and store the password as 540 in the local database or, a combination of the company identifier 550 and the user identifier 530 may be used to locate the record. And, while the record may be stored locally on an individual user's computer or within an enterprise, the proxy gateway service may also store records under its control.); and the method further comprises: in case of determining that no login authentication information is required to log in to the target application, logging in to the target application by the IAM system to obtain an access credential (col. 5, lines 40-67 - Generally, when an individual user wishes to access a particular cloud service for the first time and use an IAM vendor to manage the authentication credentials for that cloud service, the user will access the IAM service, provide authentication credentials for the cloud service, and then access the cloud service immediately in order to make use of that cloud service and col. 6, lines 19-38 - In step 316 the IAM portal determines that authentication credentials are needed for the selected cloud service and the portal prompts the user for these credentials. For example, window 130 may be presented which prompts for the user name 142 and password 144 for the desired cloud service LinkedIn. In the case of portal 210 being accessed over the Web from a browser of a computing device, the IAM service sends a login form to the user's computer. The user then enters his or her authentication credentials for the desired cloud service and clicks “Save” (for example) or indicates in some other fashion that the credentials should be returned to the IAM service); wherein the IAM system logs in to the target application based on the login account information in the registration management information (col. 5, lines 40-67 - Generally, when an individual user wishes to access a particular cloud service for the first time and use an IAM vendor to manage the authentication credentials for that cloud service, the user will access the IAM service, provide authentication credentials for the cloud service, and then access the cloud service immediately in order to make use of that cloud service); and accessing the target application based on the access credential (col. 5, lines 40-67 - Generally, when an individual user wishes to access a particular cloud service for the first time and use an IAM vendor to manage the authentication credentials for that cloud service, the user will access the IAM service, provide authentication credentials for the cloud service, and then access the cloud service immediately in order to make use of that cloud service).
Regarding Claim 7;
Chen in view of Wrenbeck discloses the method to Claim 1.
Chen further discloses wherein after obtaining, by a proxy server, the second access request generated by the IAM system, and parsing the proxy domain name information of the second access request to determine the domain name information of the target application (FIG. 4 and col. 8, lines 16-32 - FIG. 4 is a flow diagram describing one embodiment by which the user may access a cloud service using an IAM service. As mentioned above, typically a user will have already logged in to the proxy gateway service and will have provided their proxy gateway user identifier. In step 404 a user views the IAM portal 210 and logs into the IAM service using their IAM user identifier and password. Next, in step 408 the user is presented with a list or display of available cloud services such as is shown in window 110. Of course, there may be fewer cloud services or more, and window 130 would not be present. The user may be presented with all cloud services that the IAM service supports, or may only be presented with the cloud services that the user has previously registered with the IAM service. The user then selects a particular cloud service that they wish to use (for example, Salesforce 126) by clicking upon or otherwise selecting the cloud service from the display), the method further comprises:
searching for an access credential of the user for the target application from a center server based on the domain name information (FIG. 4 – Proxy Gateway Intercepts Login Form [...] and FIG. 5A-5B and col. 7, lines 18-39 and col. 8, lines 36-48 - In step 412 the IAM service retrieves from its database 212 the user's identifier and password for the cloud service Salesforce as it normally would, although in this situation the retrieved identifier and password had been replaced with random characters or had been replaced with an encrypted identifier and password in accordance with step 324. The IAM service then fills in the login form for the selected cloud service with the unusable identifier and password and then redirects the user's browser to the actual cloud service, in this case, “Salesforce.com.” Because of the redirection, this Web traffic now passes through the user's browser enabling the proxy gateway to intercept this Web traffic and col. 8, line 51-57 - Depending upon which technique was used above in step 324 [...] and col. 9, lines 11-37 - Saved into a local database under control of an individual user, an enterprise, or the proxy gateway service is: the proxy gateway user identifier 510 (a unique identifier for each user who logs into use the proxy gateway service); a cloud service identifier 520 (a unique identifier for each cloud service that the IAM service supports); the true cloud service user identifier 530 (the actual identifier used by the user to login to the cloud service); the true cloud service user password 540 (the actual password used by the user to login to the cloud service); and, a company identifier 550 (a unique identifier for each enterprise that makes use of the proxy gateway service). Of course, variations are possible. For example, it is not strictly necessary that the true cloud service user identifier be replaced in the login form with random characters and that it be stored as 530 in the local database. It may only be necessary to replace the user's password with random characters and store the password as 540 in the local database or, a combination of the company identifier 550 and the user identifier 530 may be used to locate the record. And, while the record may be stored locally on an individual user's computer or within an enterprise, the proxy gateway service may also store records under its control); and
in case of determining that login authentication information is required to log in to the target application, obtaining, by the proxy server from the IAM system, login account information of a user with the target application based on the domain name information of the target application (FIG. 4 and FIG. 5A-5B and col. 7, lines 18-39 and col. 8, lines 36-48 - In step 412 the IAM service retrieves from its database 212 the user's identifier and password for the cloud service Salesforce as it normally would, although in this situation the retrieved identifier and password had been replaced with random characters or had been replaced with an encrypted identifier and password in accordance with step 324. The IAM service then fills in the login form for the selected cloud service with the unusable identifier and password and then redirects the user's browser to the actual cloud service, in this case, “Salesforce.com.” Because of the redirection, this Web traffic now passes through the user's browser enabling the proxy gateway to intercept this Web traffic and col. 8, line 51-57 - Accordingly, in step 416 the proxy gateway service intercepts this login form and replaces the identifier and password with the true identifier and password for the cloud service “Salesforce.com.”), and obtaining login authentication information input by the user comprises:
in case of no access credential being searched and determining that the login authentication information is required to log in to the target application, obtaining, based on the determined domain name information of the target application, the login account information of the user from the IAM system, and obtaining the login authentication information input by the user (col. 5, lines 40-67 - Generally, when an individual user wishes to access a particular cloud service for the first time and use an IAM vendor to manage the authentication credentials for that cloud service, the user will access the IAM service, provide authentication credentials for the cloud service, and then access the cloud service immediately in order to make use of that cloud service and col. 6, lines 19-38 - In step 316 the IAM portal determines that authentication credentials are needed for the selected cloud service and the portal prompts the user for these credentials. For example, window 130 may be presented which prompts for the user name 142 and password 144 for the desired cloud service LinkedIn. In the case of portal 210 being accessed over the Web from a browser of a computing device, the IAM service sends a login form to the user's computer. The user then enters his or her authentication credentials for the desired cloud service and clicks “Save” (for example) or indicates in some other fashion that the credentials should be returned to the IAM service); wherein the IAM system logs in to the target application based on the login account information in the registration management information (col. 5, lines 40-67 - Generally, when an individual user wishes to access a particular cloud service for the first time and use an IAM vendor to manage the authentication credentials for that cloud service, the user will access the IAM service, provide authentication credentials for the cloud service, and then access the cloud service immediately in order to make use of that cloud service).
Regarding Claim 8;
Chen in view of Wrenbeck discloses the method to Claim 7.
Chen further discloses wherein after the searching for an access credential of the user for the target application from a central server, the method further comprises: in case of the access credential being searched, accessing the target application based on the access credential (FIG. 4 and col. 8, lines 48-67).
Regarding Claims 14-17 and 20-21; claims 14-17 and 20-21 are directed to a device associated with the method claimed in claims 1-4 and 7-8. Claims 14-17 and 20-21 are similar in scope to claims 1-4 and 7-8, and are therefore rejected under similar rationale.
Regarding Claims 22-25; claims 22-25 are directed to a medium associated with the method claimed in claims 1-4. Claims 22-25 are similar in scope to claims 1-4, and are therefore rejected under similar rationale.
Claims 5-6 and 18-19 are rejected under 35 U.S.C. 103 as being unpatentable over Chen et al. (US 10,454,921 B1) in view of Wrenbeck et al. (US 2022/0210145 A1) as evidenced by Provisional Application No. 63/132,340 filed on December 30th, 2020 and further in view of Ott et al. (US 10,554,624 B2).
Regarding Claim 5;
Chen in view of Wrenbeck discloses the method to Claim 1.
Chen further discloses wherein the login account information comprises a login username and a login password (col. 8, lines 36-48 - In step 412 the IAM service retrieves from its database 212 the user's identifier and password for the cloud service Salesforce as it normally would, although in this situation the retrieved identifier and password had been replaced with random characters or had been replaced with an encrypted identifier and password in accordance with step 324. The IAM service then fills in the login form for the selected cloud service with the unusable identifier and password and then redirects the user's browser to the actual cloud service, in this case, “Salesforce.com.”); and obtaining from the IAM system login account information of a user with the target application comprises: ... for a login webpage of the target application... calling a login account (col. 8, lines 36-48 - In step 412 the IAM service retrieves from its database 212 the user's identifier and password for the cloud service Salesforce as it normally would, although in this situation the retrieved identifier and password had been replaced with random characters or had been replaced with an encrypted identifier and password in accordance with step 324. The IAM service then fills in the login form for the selected cloud service with the unusable identifier and password and then redirects the user's browser to the actual cloud service, in this case, “Salesforce.com.”); and ... calling the login account to obtain the login account information from the IAM system and fill in the login webpage with the login account information (col. 8, lines 36-48 - In step 412 the IAM service retrieves from its database 212 the user's identifier and password for the cloud service Salesforce as it normally would, although in this situation the retrieved identifier and password had been replaced with random characters or had been replaced with an encrypted identifier and password in accordance with step 324. The IAM service then fills in the login form for the selected cloud service with the unusable identifier and password and then redirects the user's browser to the actual cloud service, in this case, “Salesforce.com.”); the login webpage comprises a position region for filling in the login username and login password respectively (col. 8, lines 36-48 - In step 412 the IAM service retrieves from its database 212 the user's identifier and password for the cloud service Salesforce as it normally would, although in this situation the retrieved identifier and password had been replaced with random characters or had been replaced with an encrypted identifier and password in accordance with step 324. The IAM service then fills in the login form for the selected cloud service with the unusable identifier and password and then redirects the user's browser to the actual cloud service, in this case, “Salesforce.com.”);
Chen in view of Wrenbeck fails to explicitly disclose [...] injecting, for a login webpage of the target application, a script for calling a login account; and executing the script for calling [...].
However, in an analogous art, Ott discloses [...] injecting, for a login webpage of the target application, a script for calling a login account; and executing the script for calling [...] (col. 4, lines 19-60 – [...] The PAE injects into the page a script or other code stored in a service DB (possibly adapted to the service or client). e. The script monitors user activities and waits until it detects a login action, which may include any action or condition that indicates a desire or need for the end user to login to the service... f. The script may “gray out” input fields for the username, password, or similar, so that the user cannot manipulate the form. g. If the web gateway does not have credentials for this user on this service, the script may allow the user to enter them into a separate page, or directly into the form. If more than one account exists, the script may prompt the user to select credentials for one of the account. h. In some cases, the script receives a “token” from the PAE. The token may be a one-time pseudo-username and pseudo-password that can be used as a “form filler” to provide a useful input into mandatory data fields, either on the form or for internal purposes).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Ott with the login of Chen in view of Wrenbeck to include [...] injecting, for a login webpage of the target application, a script for calling a login account; and executing the script for calling [...].
One would have been motivated to combine the teachings of Ott to Chen in view of Wrenbeck to do so as it provides / allows to make authentication more seamless for end users (col. 5, lines 36-37).
Regarding Claim 6;
Chen in view of Wrenbeck and Ott discloses the method to Claim 5.
Chen further discloses wherein sending, by the proxy server, a login request to an application server corresponding to the target application based on the login account information and the login authentication information (FIG. 4) comprises:
in case that the login password filled in the login webpage is a predetermined virtual password, obtaining, from the IAM system, a real password corresponding to the login username based on the domain name information of the target application (FIG. 2 and col. 8, line 51-57 - Accordingly, in step 416 the proxy gateway service intercepts this login form and replaces the identifier and password with the true identifier and password for the cloud service “Salesforce.com.” Depending upon which technique was used above in step 324, the proxy gateway performs this replacement either by using the proxy gateway user identifier and cloud service identifier to find the true cloud service user identifier and password in local storage, or by using the proxy gateway user identifier to find the correct encryption key also in local storage, in order to decrypt the encrypted password in the login form. Once the true identifier and password for the cloud service have been placed into the login form, then in step 420 the redirection with the login form is allowed to continue to the actual cloud service. The cloud service then accepts the login form, authenticates the user, and provides the user access to the cloud service. At this point, what the user sees next (after selecting the cloud service from the IAM user portal in step 408) is the home page of the cloud service, “Salesforce.com,” with the user having been authenticated and col. 7, line 60-col. 8, line 14 – In a variation on the above techniques, it is not necessary that a user login to the proxy gateway to establish a proxy gateway user identifier and password to begin with. This situation is most likely when the proxy gateway computer is located within an enterprise. Under the first technique then, only the user's password for the cloud service is replaced with random characters and the user's true identifier is allowed to be stored in IAM database 212. When the user accesses the particular cloud service in the future, the user's true identifier and the cloud service identifier may be used to map to the local database in order to find the cloud service true password. Under the second technique then, only the user's password for the cloud service is encrypted and the user's true identifier is allowed to be stored in a IAM database 212. When the user accesses the particular cloud service in the future, the user's true identifier may be used to find the appropriate encryption key in the local database corresponding to that user. The encryption key is then used to decrypt the true password. Once the above steps have been completed the user has successfully registered a particular cloud service with an IAM service according to one embodiment of the invention and col. 9, lines 11-37 - Saved into a local database under control of an individual user, an enterprise, or the proxy gateway service is: the proxy gateway user identifier 510 (a unique identifier for each user who logs into use the proxy gateway service); a cloud service identifier 520 (a unique identifier for each cloud service that the IAM service supports); the true cloud service user identifier 530 (the actual identifier used by the user to login to the cloud service); the true cloud service user password 540 (the actual password used by the user to login to the cloud service); and, a company identifier 550 (a unique identifier for each enterprise that makes use of the proxy gateway service). Of course, variations are possible. For example, it is not strictly necessary that the true cloud service user identifier be replaced in the login form with random characters and that it be stored as 530 in the local database. It may only be necessary to replace the user's password with random characters and store the password as 540 in the local database or, a combination of the company identifier 550 and the user identifier 530 may be used to locate the record. And, while the record may be stored locally on an individual user's computer or within an enterprise, the proxy gateway service may also store records under its control.) As noted, when the proxy gateway is located within an enterprise it is a “component” of the IAM system, and thus reads on obtaining by the IAM system; and sending, by the proxy server, the login request to the application server corresponding to the target application based on the real password and the login authentication information (FIG. 2 and FIG. 4).
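The two substitution techniques the Chen excerpts describe for steps 324, 416 and 420 (a local record keyed by proxy gateway user identifier and cloud service identifier, or a per-user encryption key used to decrypt the password in the intercepted form), as an added Python illustration that is not part of this Office action or of either cited patent; the class and method names, the sample users and services, and the toy HMAC keystream standing in for a real cipher are assumptions.

```python
"""Proxy-gateway credential substitution modelled on the Chen excerpts.
Added illustration only: the IAM service is handed unusable credentials,
and the gateway, sitting in the path of the redirected login form, swaps
in the true ones before the form continues to the cloud service."""
import hashlib
import hmac
import os
import secrets
from dataclasses import dataclass, field


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """Toy HMAC-SHA256 counter keystream (assumption, stands in for a real
    authenticated cipher such as AES-GCM in a deployment)."""
    out = b""
    ctr = 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


@dataclass
class ProxyGateway:
    # Technique 1: true credentials kept locally, keyed by
    # (proxy gateway user identifier, cloud service identifier).
    records: dict = field(default_factory=dict)
    # Technique 2: a per-user encryption key kept only at the gateway.
    keys: dict = field(default_factory=dict)

    def register_placeholder(self, gw_user: str, service: str,
                             true_id: str, true_pw: str) -> tuple:
        """Keep the true identifier/password here; return random characters
        for the IAM service to store in its place (step 324, first technique)."""
        self.records[(gw_user, service)] = (true_id, true_pw)
        return secrets.token_hex(8), secrets.token_hex(8)

    def register_encrypted(self, gw_user: str, true_pw: str) -> str:
        """Encrypt the password under the user's gateway-held key; the IAM
        service stores only this ciphertext (step 324, second technique)."""
        key = self.keys.setdefault(gw_user, os.urandom(32))
        nonce = os.urandom(16)
        pt = true_pw.encode()
        ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
        return "enc:" + nonce.hex() + ":" + ct.hex()

    def intercept_login(self, gw_user: str, service: str, form: dict) -> dict:
        """Step 416: the redirected login form passes through the gateway,
        which replaces the unusable values with the true ones; the returned
        form is what continues to the cloud service in step 420."""
        fixed = dict(form)
        rec = self.records.get((gw_user, service))
        if rec is not None:                                    # technique 1
            fixed["username"], fixed["password"] = rec
        elif str(form.get("password", "")).startswith("enc:"):  # technique 2
            key = self.keys.get(gw_user)
            if key is None:
                raise KeyError(f"no encryption key for gateway user {gw_user!r}")
            _, nonce_hex, ct_hex = form["password"].split(":", 2)
            nonce, ct = bytes.fromhex(nonce_hex), bytes.fromhex(ct_hex)
            pt = bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))
            fixed["password"] = pt.decode()
        # Otherwise the service is not managed here; forward the form unchanged.
        return fixed


def demo() -> dict:
    """Constructed walkthrough with sample values (not from the cited patents)."""
    gw = ProxyGateway()
    # Technique 1: the IAM service holds only placeholders for user u1.
    pid, ppw = gw.register_placeholder("u1", "salesforce", "alice", "s3cret")
    iam_filled_1 = {"username": pid, "password": ppw}   # form as the IAM fills it
    # Technique 2: the IAM service keeps the true identifier, encrypted password.
    enc_pw = gw.register_encrypted("u2", "hunter2")
    iam_filled_2 = {"username": "bob", "password": enc_pw}
    return {
        "iam_sees_true_pw": ppw == "s3cret" or "hunter2" in enc_pw,
        "t1": gw.intercept_login("u1", "salesforce", iam_filled_1),
        "t2": gw.intercept_login("u2", "linkedin", iam_filled_2),
    }


if __name__ == "__main__":
    print(demo())
```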
Regarding Claims 18-19; claims 18-19 are directed to a device associated with the method claimed in claims 5-6. Claims 18-19 are similar in scope to claims 5-6, and are therefore rejected under similar rationale.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to KARI L SCHMIDT whose telephone number is (571)270-1385. The examiner can normally be reached Monday-Friday 10am - 6pm (MDT).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached at (571)270-5002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/KARI L SCHMIDT/Primary Examiner, Art Unit 2439