Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
2. EXAMINER’S NOTE: The claims have been reviewed and considered under the new guidance pursuant to the 2019 Revised Patent Subject Matter Eligibility Guidance (PEG 2019) issued January 7, 2019.
3. This communication is in response to Applicant’s claims filed on 11 October 2024. Claims 1-20 remain pending.
Information Disclosure Statement
4. The Information Disclosure Statement respectfully submitted on 27 December 2024 has been considered by the Examiner.
Continued Prosecution Application
5. This application is a continuation-in-part of Serial No. 17/869,641 filed on 20 July 2022, which is now US Patent No. 12,120,122, issued on 15 October 2024.
Double Patenting
6. The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA. A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The filing of a terminal disclaimer by itself is not a complete reply to a nonstatutory double patenting (NSDP) rejection. A complete reply requires that the terminal disclaimer be accompanied by a reply requesting reconsideration of the prior Office action. Even where the NSDP rejection is provisional the reply must be complete. See MPEP § 804, subsection I.B.1. For a reply to a non-final Office action, see 37 CFR 1.111(a). For a reply to final Office action, see 37 CFR 1.113(c). A request for reconsideration while not provided for in 37 CFR 1.113(c) may be filed after final for consideration. See MPEP §§ 706.07(e) and 714.13.
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The actual filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA/25, or PTO/AIA/26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/apply/applying-online/eterminal-disclaimer.
Claim comparison (claims 1-20 of instant application 18/913,777 are listed first, followed by claims 1-20 of issued application 12,120,122)
Instant Application 18/913,777
1. A method comprising: obtaining, from an access server, an authorization response to a request to evaluate an authorization level associated with a user accessing one or more first resources; predicting, based on historical data, that the user is to request access to one or more second resources with at least a threshold probability; and causing the access server to generate a preemptive authorization response to a preemptive request to evaluate an authorization level associated with the user accessing the one or more second resources.
2. The method of claim 1, wherein the historical data comprises statistical information associated with the user accessing the one or more second resources in association with one or more previous user sessions.
3. The method of claim 2, wherein the statistical information is indicative of one or more correlations between the user accessing the one or more second resources and accessing the one or more first resources.
4. The method of claim 1, wherein the request is responsive to the user requesting access to the one or more first resources.
5. The method of claim 1, further comprising: receiving, from the access server, the authorization response and the preemptive authorization response; and granting, responsive to the receiving, access to at least one of: the one or more first resources, or the one or more second resources.
6. The method of claim 1, wherein at least one of the one or more first resources or the one or more second resources comprise at least one of: a gaming application, a video streaming application, an audio streaming application, or a database application.
7. The method of claim 1, wherein the one or more first resources are hosted using a distributed computing infrastructure.
8. The method of claim 1, wherein the access server comprises a unified access management (UAM) server.
9. The method of claim 1, wherein at least one of the request or the preemptive request causes the access server to download one or more policies associated with an authorization of the user to access at least one of: the one or more first resources, or the one or more second resources.
10. The method of claim 1, further comprising: receiving, responsive to an additional request, the preemptive authorization response from the access server, wherein the additional request is responsive to the user requesting access to the one or more second resources.
11. A system comprising: a memory device; and one or more processing units, communicatively coupled to the memory device, to: obtain, from an access server, an authorization response to a request to evaluate an authorization level associated with a user accessing one or more first resources; predict, based on historical data, that the user is to request access to one or more second resources with at least a threshold probability; and cause the access server to generate a preemptive authorization response to a preemptive request to evaluate an authorization level associated with the user accessing the one or more second resources.
12. The system of claim 11, wherein the historical data comprises statistical information associated with the user accessing the one or more second resources in association with one or more previous user sessions.
13. The system of claim 12, wherein the statistical information represents one or more correlations between the user accessing the one or more second resources and accessing the one or more first resources.
14. The system of claim 11, wherein the authorization response is responsive to the user requesting access to the one or more first resources.
15. The system of claim 11, wherein the one or more processing units are further to: receive, from the access server, the authorization response and the preemptive authorization response; and grant, responsive to reception of the authorization response and the preemptive authorization response, access to at least one of: the one or more first resources, or the one or more second resources.
16. The system of claim 11, wherein at least one of the one or more first resources or the one or more second resources comprise at least one of: a gaming application, a video streaming application, an audio streaming application, or a database application.
17. The system of claim 11, wherein the one or more first resources are hosted using a distributed computing infrastructure.
18. The system of claim 11, wherein at least one of the request or the preemptive request causes the access server to download one or more policies associated with an authorization of the user to access at least one of: the one or more first resources, or the one or more second resources.
19. The system of claim 11, wherein the one or more processing units are further to: receive, responsive to an additional request, the preemptive authorization response from the access server, wherein the additional request is responsive to the user requesting access to the one or more second resources.
20. A processor to: obtain, from an access server, an authorization response to a request to evaluate an authorization level associated with a user accessing one or more first resources; predict, based on historical data, that the user is to request access to one or more second resources with at least a threshold probability; and cause the access server to generate a preemptive authorization response to a preemptive request to evaluate an authorization level associated with the user accessing the one or more second resources.
Issued Application 12,120,122
1. A method comprising: receiving a request of a user to access a first resource of a plurality of resources; sending, to an access server, a first authorization request to evaluate an authorization level corresponding to the user for accessing the first resource; obtaining a historical data associated with one or more user sessions involving previous interactions of the user with the plurality of resources; predicting, based on the historical data, that the user will request access, within a target time, to a second resource of the plurality of resources with at least a threshold probability; sending, to the access server, a second authorization request to evaluate an authorization level corresponding to the user for accessing at least the second resource, wherein the second authorization request is to cause the access server to download an authorization data associated with the second authorization request; receiving, from the access server, a first authorization response indicative of the authorization level corresponding to the user for accessing the first resource; and receiving, from the access server, a second authorization response indicative of the authorization level corresponding to the user for accessing the second resource, wherein the second authorization response is obtained using the authorization data.
2. The method of claim 1, wherein the second resource comprises at least one of a gaming application, a video streaming application, an audio streaming application, or a database application.
3. The method of claim 1, wherein the second resource is supported by a cloud service.
4. The method of claim 1, wherein the access server comprises a unified access management (UAM) server.
5. The method of claim 4, wherein the authorization data comprises one or more UAM policies, at least one UAM policy of the one or more UAM policies specifying access rights for the second resource.
6. The method of claim 1, wherein the first authorization request comprises a request to authenticate the user.
7. The method of claim 1, wherein the second authorization request is an advanced authorization request, and wherein the second authorization response is caused by sending, to the access server, a third authorization request, wherein the third authorization request is to evaluate an authorization level corresponding to the user for accessing the second resource.
8. The method of claim 1, wherein the historical data comprises statistics of the user accessing the second resource over a predetermined historical period of time.
9. The method of claim 8, wherein the statistics of the user accessing the second resource comprises one or more correlations between the user accessing the first resource and accessing the second resource.
10. The method of claim 1, wherein the second authorization request is to evaluate an authorization level, corresponding to the user, for accessing at least the second resource and a third resource, the method further comprising: receiving, from the access server, a third authorization response indicative of an authorization level corresponding to the user for accessing the third resource to the user, wherein the third authorization response is obtained using the authorization data.
11. A system comprising: a memory device; and one or more processing devices, communicatively coupled to the memory device, to: receive a request of a user to access a first resource of a plurality of resources; send, to an access server, a first authorization request to evaluate accessibility of the first resource to the user; obtain a historical data associated with user sessions involving previous interactions of the user with the plurality of resources; predict, based on the historical data, that the user will request access, within a target time, to a second resource of the plurality of resources with at least a threshold probability; send, to the access server, a second authorization request to evaluate accessibility of at least the second resource to the user, wherein the second authorization request is to cause the access server to download an authorization data associated with the second authorization request; receive, from the access server, a first authorization response indicative of accessibility of the first resource to the user; and receive, from the access server, a second authorization response indicative of accessibility of the second resource to the user, wherein the second authorization response is obtained using the authorization data.
12. The system of claim 11, wherein the second resource is supported by a cloud service and comprises at least one of a gaming application, a video streaming application, an audio streaming application, or a database application.
13. The system of claim 11, wherein the access server comprises a unified access management (UAM) server, and wherein the authorization data comprises one or more UAM policies, at least one UAM policy of the one or more UAM policies specifying access rights for the second resource.
14. The system of claim 11, wherein the second authorization request is an advanced authorization request, and wherein the second authorization response is caused by sending, to the access server, a third authorization request, wherein the third authorization request is to evaluate accessibility of the second resource to the user.
15. The system of claim 11, wherein the historical data comprises one or more statistics of the user accessing the second resource over a predetermined historical period of time, and wherein the statistics of the user accessing the second resource comprises correlations between the user accessing the first resource and accessing the second resource.
16. A non-transitory computer-readable medium storing instructions thereon, wherein the instructions, when executed by a processing device, cause the processing device to: receive a request of a user to access a first resource of a plurality of resources; send, to an access server, a first authorization request to evaluate an authorization level corresponding to the user for accessing the first resource; obtain a historical data associated with user sessions involving previous interactions of the user with the plurality of resources; predict, based on the historical data, that the user will request access, within a target time, to a second resource of the plurality of resources with at least a threshold probability; send, to the access server, a second authorization request to evaluate an authorization level corresponding to the user for accessing at least the second resource to the user, wherein the second authorization request is to cause the access server to download an authorization data associated with the second authorization request; receive, from the access server, a first authorization response indicative of the authorization level corresponding to the user for accessing the first resource; and receive, from the access server, a second authorization response indicative of the authorization level corresponding to the user for accessing the second resource, wherein the second authorization response is obtained using the authorization data.
17. The non-transitory computer-readable medium of claim 16, wherein the second resource is supported by a cloud service and comprises at least one of a gaming application, a video streaming application, an audio streaming application, or a database application.
18. The non-transitory computer-readable medium of claim 16, wherein the access server comprises a unified access management (UAM) server, and wherein the authorization data comprises one or more UAM policies, each of the one or more UAM policies specifying access rights for the second resource.
19. The non-transitory computer-readable medium of claim 16, wherein the second authorization request is an advanced authorization request, and wherein the second authorization response is caused by sending, to the access server, a third authorization request, wherein the third authorization request is to evaluate the authorization level corresponding to the user for accessing the second resource.
20. The non-transitory computer-readable medium of claim 16, wherein the historical data comprises one or more statistics of the user accessing the second resource over a predetermined historical period of time, and wherein the statistics of the user accessing the second resource comprises one or more correlations between the user accessing the first resource and accessing the second resource.
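The flow recited in both claim sets (authorize the first resource, predict from session history which second resource the user will request within a target time at or above a threshold probability, and have the access server generate a preemptive authorization response so the policy download happens before the user asks) can be modelled in a few dozen lines. The following is an added illustration written for this page, not code from the application, the issued patent, or the Olden reference; the names `Gateway`, `AccessServer`, `predict_second_resources`, the conditional-probability rule, and the sample session history are assumptions made for the example.

```python
"""Preemptive authorization flow modelled on the claims above (added example,
not code from the application or any cited reference). Names, the
probability rule and the session history are constructed for illustration."""
from collections import defaultdict
from dataclasses import dataclass, field

ALLOW, DENY = "allow", "deny"

# Constructed session history for one user: each session is a list of
# (seconds since session start, resource id) in access order.
SAMPLE_HISTORY = [
    [(0, "game"), (30, "video"), (400, "db")],
    [(0, "game"), (20, "video")],
    [(0, "game"), (500, "db")],
    [(0, "video")],
]


def predict_second_resources(history, first, target_time, threshold):
    """Resources the user is likely to request within target_time seconds
    after accessing `first`, with probability >= threshold.

    probability(second | first) = sessions in which `second` follows `first`
    within target_time / sessions in which `first` appears.
    """
    sessions_with_first = 0
    follow_counts = defaultdict(int)
    for session in history:
        first_times = [t for t, r in session if r == first]
        if not first_times:
            continue
        sessions_with_first += 1
        t_first = first_times[0]
        seen = {r for t, r in session
                if r != first and t_first <= t <= t_first + target_time}
        for r in seen:
            follow_counts[r] += 1
    if sessions_with_first == 0:
        return []
    scored = {r: c / sessions_with_first for r, c in follow_counts.items()}
    return sorted((r for r, p in scored.items() if p >= threshold),
                  key=lambda r: (-scored[r], r))


@dataclass
class AccessServer:
    """Minimal access server: evaluates a user against per-resource policy.
    `policy_downloads` counts policy fetches, the cost that the preemptive
    request is meant to move off the user's critical path."""
    policies: dict                      # resource -> set of allowed users
    policy_downloads: int = 0
    _policy_cache: dict = field(default_factory=dict)

    def _download_policy(self, resource):
        if resource not in self._policy_cache:
            self.policy_downloads += 1
            self._policy_cache[resource] = self.policies.get(resource, set())
        return self._policy_cache[resource]

    def evaluate(self, user, resource):
        """Authorization request -> authorization response."""
        return ALLOW if user in self._download_policy(resource) else DENY


@dataclass
class Gateway:
    """Receives the user's resource requests and talks to the access server."""
    server: AccessServer
    history: list
    target_time: int = 120
    threshold: float = 0.5
    responses: dict = field(default_factory=dict)   # (user, resource) -> response
    preemptive_requests: list = field(default_factory=list)

    def request_access(self, user, resource):
        key = (user, resource)
        if key in self.responses:
            # A preemptive response was already generated: no round trip.
            return self.responses[key]
        response = self.server.evaluate(user, resource)
        self.responses[key] = response
        # Predict the likely next resources and authorize them ahead of time.
        for second in predict_second_resources(
                self.history, resource, self.target_time, self.threshold):
            if (user, second) not in self.responses:
                self.preemptive_requests.append((user, second))
                self.responses[(user, second)] = self.server.evaluate(user, second)
        return response


def demo():
    server = AccessServer(policies={"game": {"alice"}, "video": {"alice"}, "db": set()})
    gw = Gateway(server=server, history=SAMPLE_HISTORY)
    first = gw.request_access("alice", "game")       # ordinary request
    downloads_after_first = server.policy_downloads  # game policy + preemptive video policy
    second = gw.request_access("alice", "video")     # answered from the preemptive response
    return first, second, gw.preemptive_requests, downloads_after_first, server.policy_downloads


if __name__ == "__main__":
    print(demo())
```

With the constructed history, "video" follows "game" within 120 seconds in two of the three sessions that contain "game" (probability 0.67), so it is authorized preemptively, while "db" only appears later than the target time and is not. The second request for "video" is then answered without a further policy download, which is the latency saving the claims describe; a deployment would still need the preemptive response to expire on the same schedule as the ordinary one so that a cached grant cannot outlive a policy change.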
7. Claims 1-20 are rejected on the ground of non-statutory double patenting as being unpatentable over claims 1-20 of U.S. Patent No. 12,120,122. Although the claims at issue are not identical, they are not patentably distinct from each other because in both instances the claims are drawn to processing authentication requests for unified access management systems and applications. The omission of “a second authorization request to evaluate an authorization level corresponding to the user for accessing at least the second resource, wherein the second authorization request is to cause the access server to download an authorization data associated with the second authorization request; receiving, from the access server, a first authorization response indicative of the authorization level corresponding to the user for accessing the first resource; and receiving, from the access server, a second authorization response indicative of the authorization level corresponding to the user for accessing the second resource, wherein the second authorization response is obtained using the authorization data” does not change the scope of the claims of the instant application relative to the issued application. Similarly, in both instances the claims are directed to improving efficiency and decreasing latency of the processing of authorization requests by cloud-based access servers that evaluate access rights to various cloud-based services.
Claim Rejections - 35 USC § 101
8. 35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
Claim 20 is rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter. The claim does not fall within at least one of the four categories of patent eligible subject matter because it recites an apparatus (i.e., a processor) in the preamble only and a series of steps in the body of the claim, with no hardware structure in the body of the claim. Therefore, in order to overcome the 101 rejection, the Examiner respectfully suggests that the claim be amended to positively recite a hardware element in the body of the claim to make the claim statutory.
Claim Rejections - 35 USC § 102
9. In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
10. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.
11. Claims 1-20 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Olden et al. (US Patent No. 6,460,141).
Referring to the rejection of claim 1, Olden et al. discloses a method comprising:
obtaining, from an access server, an authorization response to a request to evaluate an authorization level associated with a user accessing one or more first resources; (See Olden et al., Col. 8, lines 15-33, i.e., a user is granted or denied access privilege to a resource depending on the policy level as defined with three resultants – allow, deny, or require. Allow permits the user to access the resources without any further rule processing, deny forbids the user access without any further rule processing, and require grants access only if its condition is satisfied; if the condition is not satisfied, the user is denied access)
predicting, based on historical data, that the user is to request access to one or more second resources with at least a threshold probability; (See Olden et al., Col. 24, lines 29-63, i.e., first, the cookie is stored in memory on the browser computer, preventing malicious users from reading the cookie from disk. Second, the cookie contains IP address-specific information that is checked to see whether the information is coming from the IP address for which it was created, preventing a malicious user from stealing the cookie and using it from another computer. Third, the cookie has time out settings for inactivity that render it unusable after a determined period of inactivity. This prevents a malicious user from using a vacant computer to gain access to a trusted user's protected resources. Fourth, the cookie has a maximum lifetime setting that forces a re-authentication if the time threshold is exceeded. The time out settings, both for inactivity and maximum lifetime, are set on a per Web server basis. Based on this historical data, the system protects the passwords by encrypting communication and allows the web applications to be secured by requiring user information to be transferred back to them to enable seamless sign-on)
and causing the access server to generate a preemptive authorization response to a preemptive request to evaluate an authorization level associated with the user accessing the one or more second resources. (See Olden et al., Col. 25, lines 21-42 and Col. 26, lines 8-19, i.e., the security and access management system uses centralized sign-on information so that multiple stored credentials do not need to be remembered, and the logging levels are configured in 4 different security levels. For example, consider that user Steve may have one username/password for Web applications and a different username and password for a legacy application. Single sign on from the Web to the legacy application can be accommodated by storing the user's legacy credentials as user properties for Steve, such as legacy_username and legacy_password, in the entitlements database. The legacy Web application would then query the API and request the legacy_username and legacy_password for ct_username=steve. The results can then be transferred to the legacy application to be used in the logon procedure. Since this is performed programmatically, the user is not aware of the second logon process. To the user, it seems as if he or she only logged onto the Web site once)
*According to the Applicant’s specification in para. 49, preemptive authorization is defined as replacing user identification with an identification of other users or replacing resource identifications with identification of other resources.
Referring to the rejection of claims 2 and 12, Olden et al. discloses wherein the historical data comprises statistical information associated with the user accessing the one or more second resources in association with one or more previous user sessions. (See Olden et al., Col. 26, lines 30-36 and Col. 28, lines 6-17, i.e., the log file rotates itself automatically. In other words, when the log file reaches a pre-defined size, which is preferably configurable, the log file is time stamped, and a new log file is created. The administrator can elect to implement a process for archiving these log files, as they typically grow relatively fast because they represent all protected intranet/extranet usage. The management server in turn directs FireWall-1 modules to terminate previous sessions or deny access to specific hosts which have been identified by SAMP clients as generating suspicious activity on the network or server system. The specific actions taken by the firewall might include terminating a current session in progress or blocking new session attempts that match the criteria over a specified time period in the future)
Referring to the rejection of claims 3 and 13, Olden et al. discloses wherein the statistical information is indicative of one or more correlations between the user accessing the one or more second resources and accessing the one or more first resources. (See Olden et al., Col. 28, lines 18-35, i.e., The SAMP client application is capable of identifying suspicious activity on the network or a specific host. Examples of such activity for correlation between user and one or more resources include: a client making repeated connection attempts to privileged services on a specific host (e.g., scanning); a client attempting to issue illegal commands or repeatedly failing to complete a login to a server system for which access by the client would generally be considered permissible (e.g., a user accessing an Internet-accessible Web server, but attempting to send illegal CGI commands through a form); or any other criteria set which if met, qualifies the activity as an inferred security threat and not allowing connections to pass through the firewall unless they are already allowed by the explicitly defined management policies)
Referring to the rejection of claims 4 and 14, Olden et al. discloses wherein the request is responsive to the user requesting access to the one or more first resources. (See Olden et al., Col. 9, lines 27-34, Col. 25, lines 43-67 and Col. 26, lines 1-6, i.e., when a user requests access to resources, there are thirteen types of events that are recorded in response during the authentication/authorization process. The security and access management system records the following user events: 1. Invalid user; 2. Invalid password; 3. Inactive account; 4. Expired account; 5. User denied based on user level explicit entitlement; 6. User denied based on group level explicit entitlement; 7. User denied based on realm level explicit entitlement; 8. User denied based on smart rule; 9. User denied because no entitlement existed; 10. User allowed based on user level explicit entitlement; 11. User allowed based on group level explicit entitlement; 12. User allowed based on realm level explicit entitlement; 13. User allowed based on smart rule. During the request, the Web server grants access to the user to different application functions)
Referring to the rejection of claims 5 and 15, Olden et al. discloses further comprising: receiving, from the access server, the authorization response and the preemptive authorization response; and granting, responsive to the receiving, access to at least one of: the one or more first resources, or the one or more second resources. (See Olden et al., Col. 9, lines 27-45, i.e., During a request for the customer account application, the enabled Web server processes the ACCESS application function to determine accessibility to the application. Once a user, that is, a service contract customer, is granted access, the customer account application uses the API server to determine the different application functions to which the customer has access rights, and returns the correct interface which supports the function set)
Referring to the rejection of claims 6 and 16, Olden et al. discloses wherein at least one of the one or more first resources or the one or more second resources comprise at least one of: a gaming application, a video streaming application, an audio streaming application, or a database application. (See Olden et al., Col. 8, lines 34-38, i.e., the resource definition architecture comprises an application architecture which groups protected resources into web-based applications (i.e., database applications) comprised of Uniform Resource Identifiers (URIs))
Referring to the rejection of claims 7 and 17, Olden et al. discloses wherein the one or more first resources are hosted using a distributed computing infrastructure. (See Olden et al., Col. 5, lines 10-21 and Col. 6, lines 45-48, i.e., one or more resources are hosted using distributed computing infrastructure (i.e., distributed authorized servers), and a security and access management system provides a highly flexible and scalable data model for defining both accessibility of resources and applications)
Referring to the rejection of claim 8, Olden et al. discloses wherein the access server comprises a unified access management (UAM) server. (See Olden et al., Col. 30, lines 33-49, i.e., a unified access management server is disclosed)
Referring to the rejection of claims 9 and 18, Olden et al. discloses wherein at least one of the request or the preemptive request causes the access server to download one or more policies associated with an authorization of the user to access at least one of: the one or more first resources, or the one or more second resources. (See Olden et al., Col. 16, lines 8-26, i.e., The most basic application privilege is access. If a user has the access privilege granted for a certain application, he or she can navigate to that application on the intranet. Every application has the access entitlement by default. Other application entitlements can control other aspects of the functionality of the application. An application can have a print entitlement, or a save entitlement, for example. The user can be allowed to download appropriate applets based on permissions managed by the security and access management system. Application entitlements dictate the level of control that the administrator has over application access. Applications with only the access entitlement are completely available to anyone with that entitlement)
Referring to the rejection of claims 10 and 19, Olden et al. discloses further comprising: receiving, responsive to an additional request, the preemptive authorization response from the access server, wherein the additional request is responsive to the user requesting access to the one or more second resources. (See Olden et al., Col. 9, lines 27-45, i.e., During a request for the customer account application, the enabled Web server processes the ACCESS application function to determine accessibility to the application. Once a user, that is, a service contract customer, is granted access, the customer account application uses the API server to determine the different application functions to which the customer has access rights, and returns the correct interface which supports the function set)
Referring to the rejection of claim 11, Olden et al. discloses a system comprising: (See Olden et al., Fig. 1, a security and access management system, item 10 is disclosed)
a memory device; (See Olden et al., Fig. 1, a security and access management system, item 10 comprises an entitlements database, item 32)
and one or more processing units, communicatively coupled to the memory device, to: (See Olden et al., Fig. 1, a security and access management system comprises a computer disclosed as the processor coupled to the memory)
obtain, from an access server, an authorization response to a request to evaluate an authorization level associated with a user accessing one or more first resources; (See Olden et al., Col. 8, lines 15-33, i.e., a user is granted or denied access privilege to a resource depending on the policy level as defined with three resultants – allow, deny, or require. Allow permits the user to access the resources without any further rule processing, deny forbids the user access without any further rule processing, and require is satisfied if accessibility is determined, if not satisfied, deny the user access)
predict, based on historical data, that the user is to request access to one or more second resources with at least a threshold probability; (See Olden et al., Col. 24, lines 29-63, i.e., the cookie is stored in memory on the browser computer, preventing malicious users from reading the cookie from disk. Second, the cookie contains IP address-specific information that is checked to see whether the information is coming from the IP address for which it was created, preventing a malicious user from stealing the cookie and using it from another computer. Third, the cookie has time out settings for inactivity that render it unusable after a determined period of inactivity. This prevents a malicious user from using a vacant computer to gain access to a trusted user's protected resources. Fourth, the cookie has a maximum lifetime setting that forces a re-authentication if the time threshold is exceeded. The time out settings, both for inactivity and maximum lifetime, are set on a per Web server basis. Based on this historical data, the system protects the passwords by encrypting communication and allows the web applications to be secured by requiring user information to be transferred back to them to enable seamless sign-on)
and cause the access server to generate a preemptive authorization response to a preemptive request to evaluate an authorization level associated with the user accessing the one or more second resources. (See Olden et al., Col. 25, lines 21-42 and Col. 26, lines 8-19, i.e., the security and access management system uses centralized sign-on information so that multiple stored credentials do not need to be remembered, and the logging levels are configured in 4 different security levels. For example, consider that user Steve may have one username/password for Web applications and a different username and password for a legacy application. Single sign on from the Web to the legacy application can be accommodated by storing the user's legacy credentials as user properties for Steve such as legacy_username and legacy_password in the entitlements database. The legacy Web application would then query the API and request the legacy_username and legacy_password for ct_username=steve. The results can then be transferred to the legacy application to be used in the logon procedure. Since this is performed programmatically, the user is not aware of the second logon process. To the user, it seems as if he or she only logged onto the Web site once)
*According to the Applicant’s specification in para. 49, preemptive authorization is defined as replacing user identification with an identification of other users or replacing resource identifications with identification of other resources.
Referring to the rejection of claim 20, Olden et al. discloses a processor to: (See Olden et al., Fig. 1, a security and access management system comprises a computer operated by a user disclosed as the processor)
obtain, from an access server, an authorization response to a request to evaluate an authorization level associated with a user accessing one or more first resources; (See Olden et al., Col. 8, lines 15-33, i.e., a user is granted or denied access privilege to a resource depending on the policy level as defined with three resultants – allow, deny, or require. Allow permits the user to access the resources without any further rule processing, deny forbids the user access without any further rule processing, and require is satisfied if accessibility is determined, if not satisfied, deny the user access)
predict, based on historical data, that the user is to request access to one or more second resources with at least a threshold probability; (See Olden et al., Col. 24, lines 29-63, i.e., the cookie is stored in memory on the browser computer, preventing malicious users from reading the cookie from disk. Second, the cookie contains IP address-specific information that is checked to see whether the information is coming from the IP address for which it was created, preventing a malicious user from stealing the cookie and using it from another computer. Third, the cookie has time out settings for inactivity that render it unusable after a determined period of inactivity. This prevents a malicious user from using a vacant computer to gain access to a trusted user's protected resources. Fourth, the cookie has a maximum lifetime setting that forces a re-authentication if the time threshold is exceeded. The time out settings, both for inactivity and maximum lifetime, are set on a per Web server basis. Based on this historical data, the system protects the passwords by encrypting communication and allows the web applications to be secured by requiring user information to be transferred back to them to enable seamless sign-on)
and cause the access server to generate a preemptive authorization response to a preemptive request to evaluate an authorization level associated with the user accessing the one or more second resources. (See Olden et al., Col. 25, lines 21-42 and Col. 26, lines 8-19, i.e., the security and access management system uses centralized sign-on information so that multiple stored credentials do not need to be remembered, and the logging levels are configured in 4 different security levels. For example, consider that user Steve may have one username/password for Web applications and a different username and password for a legacy application. Single sign on from the Web to the legacy application can be accommodated by storing the user's legacy credentials as user properties for Steve such as legacy_username and legacy_password in the entitlements database. The legacy Web application would then query the API and request the legacy_username and legacy_password for ct_username=steve. The results can then be transferred to the legacy application to be used in the logon procedure. Since this is performed programmatically, the user is not aware of the second logon process. To the user, it seems as if he or she only logged onto the Web site once)
*According to the Applicant’s specification in para. 49, preemptive authorization is defined as replacing user identification with an identification of other users or replacing resource identifications with identification of other resources.
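The following worked example is added to illustrate, in running code, the three mechanisms relied on in the mappings of claims 11 and 20 above: the allow/deny/require policy evaluation cited from Col. 8 of Olden et al., the IP-bound, inactivity-limited and lifetime-limited session cookie cited from Col. 24, and the claimed step of predicting, from historical data, the second resources a user will request with at least a threshold probability so that their authorization can be evaluated preemptively. It is not code from Olden et al., from the Applicant's specification, or from this Office action. The function and field names, the transition-count predictor, and the reading that a satisfied "require" rule continues processing and grants access if no later rule denies are assumptions made for illustration.

```python
"""Illustrative policy evaluation, session-cookie validation and
preemptive authorization (hypothetical example; not from Olden et al.
or the Applicant's specification)."""
from collections import Counter
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

# The three policy resultants described in Olden et al., Col. 8.
ALLOW, DENY, REQUIRE = "allow", "deny", "require"


@dataclass
class Rule:
    resource: str
    resultant: str                                   # ALLOW, DENY or REQUIRE
    condition: Optional[Callable[[dict], bool]] = None  # predicate for REQUIRE


def evaluate(rules: List[Rule], user: dict, resource: str) -> bool:
    """Return True if the user may access the resource.

    ALLOW grants and DENY refuses with no further rule processing.
    REQUIRE is satisfied only if its condition holds; an unsatisfied
    REQUIRE denies access. (Assumption: satisfied REQUIRE rules keep
    processing, and access is granted when all of them held.)
    Unknown resources are denied by default."""
    satisfied = False
    for rule in (r for r in rules if r.resource == resource):
        if rule.resultant == ALLOW:
            return True
        if rule.resultant == DENY:
            return False
        if rule.condition is None or not rule.condition(user):
            return False
        satisfied = True
    return satisfied


@dataclass
class SessionCookie:
    username: str
    client_ip: str      # IP address the cookie was issued for
    issued_at: float    # seconds; start of the maximum-lifetime window
    last_active: float  # seconds; start of the inactivity window


def cookie_valid(cookie: SessionCookie, request_ip: str, now: float,
                 inactivity_limit: float, max_lifetime: float) -> Tuple[bool, str]:
    """Apply the IP-binding, inactivity and maximum-lifetime checks.

    Returns (valid, reason). A lifetime breach means re-authentication
    is required even if the session was recently active."""
    if request_ip != cookie.client_ip:
        return False, "ip-mismatch"
    if now - cookie.last_active > inactivity_limit:
        return False, "inactive"
    if now - cookie.issued_at > max_lifetime:
        return False, "reauth-required"
    return True, "ok"


def predict_next(history: List[str], current: str, threshold: float) -> List[str]:
    """Resources that historically followed `current` with probability
    at least `threshold` (constructed first-order transition model)."""
    followers = Counter(nxt for cur, nxt in zip(history, history[1:]) if cur == current)
    total = sum(followers.values())
    if total == 0:
        return []
    return [res for res, count in followers.items() if count / total >= threshold]


def preauthorize(rules: List[Rule], user: dict, history: List[str],
                 current: str, threshold: float) -> Dict[str, bool]:
    """Evaluate policy now for the resources the user is predicted to
    request next, so the answer is ready before the request arrives."""
    return {res: evaluate(rules, user, res)
            for res in predict_next(history, current, threshold)}


# Constructed sample policy and request history.
SAMPLE_RULES = [
    Rule("portal", ALLOW),
    Rule("accounts", REQUIRE, lambda u: u.get("role") == "customer"),
    Rule("admin", DENY),
    Rule("admin", ALLOW),   # never reached: DENY stops rule processing
]
SAMPLE_HISTORY = ["portal", "accounts", "portal", "accounts", "portal", "reports"]

if __name__ == "__main__":
    customer = {"role": "customer"}
    print(preauthorize(SAMPLE_RULES, customer, SAMPLE_HISTORY, "portal", 0.6))
    cookie = SessionCookie("steve", "10.0.0.5", issued_at=1000, last_active=1500)
    print(cookie_valid(cookie, "10.0.0.5", now=1600, inactivity_limit=300, max_lifetime=3600))
```

In the sample, "portal" was followed by "accounts" in two of three transitions, so with a 0.6 threshold only "accounts" is pre-evaluated; the later ALLOW rule for "admin" is shadowed by the earlier DENY, matching the "no further rule processing" semantics quoted above.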
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to COURTNEY D FIELDS whose telephone number is (571)272-3871. The examiner can normally be reached IFP M-F 8am-4:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, SHEWAYE GELAGAY can be reached at (571)272-4219. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/COURTNEY D FIELDS/Examiner, Art Unit 2436 January 1, 2026
/SHEWAYE GELAGAY/Supervisory Patent Examiner, Art Unit 2436