DETAILED ACTION
This non-final office action is in response to claims 1-20 filed October 22, 2014 for examination. Claims 1-20 are being examined and are pending.
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Information Disclosure Statement
The information disclosure statement filed 10/25/2024 has been placed in the application file and the information referred to therein has been considered as to the merits.
Drawings
The drawings filed on 10/22/2024 have been accepted.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or non-obviousness.
Claims 1, 7, 9, 15, and 17 are rejected under 35 U.S.C. 103 as being unpatentable over CN 109558575 A to GAO et al. (“Gao”) in view of CN 112540917 A to ZHU et al. (“Zhu”).
Regarding claim 1, Gao taught a method comprising: receiving, by a central security gateway and from a client device, a first request to access a first resource of a first application; (initiating login request to the server by the browser to the user, Page 4, attached prior art (Highlighted portion.)) instructing, by the central security gateway, the client device to access a login check page of a second application; (The user opens the service login page, Page 4, attached prior art (Highlighted portion.).) receiving, by the central security gateway and from the client device, a second request to access the login check page of the second application; (The server receives the client end sending the login request, and checks the user identification information in the login request, if it is registered user, user identification information is user name and login password; Page 4, attached prior art (Highlighted portion.).)
Gao was silent but the analogous art Zhu taught instructing, by the central security gateway, the client device to access a first login page of the first application or a second login page of the second application (when the user accesses another application, the evidence will be taken as the evidence of the authentication; the application system will send the evidence to the authentication system to check after receiving the request; checking the legality of the evidence. If the user passes the check, the user can access other applications and systems without re-entry by obtaining the login url module using the user name and password to request the third party authentication server interface; Page 4, attached prior art (Highlighted portion).).
Therefore, it would have been obvious to one having ordinary skill in the art before the applicant(s) invention was filed to modify the invention of Gao by including the idea of instructing, by the central security gateway, the client device to access a first login page of the first application or a second login page of the second application as taught by Zhu for the advantage of implementing an automatic login based on token authentication mechanism for realizing automatic test, comprising obtaining login information Url, the request third party authentication server obtains the random token value to code, splicing into the user login of Url (Zhu, Page 2).
Claims 9 and 17 recite similar limitations to claim 1, mutatis mutandis, the subject matter of claims 9 and 17, which is therefore, also considered to be taught by Gao-Zhu combination as above.
Regarding claim 7, Gao-Zhu combination further taught the method of claim 1, comprising: determining, by the central security gateway and based upon the first request, whether the client device has a valid session with the first application, wherein instructing the client device to access the login check page is performed in response to determining that the client device does not have a valid session with the first application (Zhu, when the user accesses the application system for the first time, because there is no login, it will be guided to the authentication system to log in; Page 4, attached prior art (Highlighted portion). See also Gao, if non-registered user, the user identification information is empty. a service for user identification information as the search condition from the user database obtains the group number of the user group where the user is. Page 4, highlighted portion).
Claim 15 recites similar limitations to claim 7, mutatis mutandis, the subject matter of claim 15, which is therefore, also considered to be taught by Gao-Zhu combination as above.
Claims 2, 10, and 18 are rejected under 35 U.S.C. 103 as being unpatentable over GAO in view of ZHU as applied to claims 1, 9 and in further view of CN 101228518 A to Sullivan et al. (“Sullivan”).
Regarding claim 2, Gao-Zhu combination taught the method of claim 1, comprising: the combination did not but the analogous art Sullivan taught determining, by the central security gateway and based upon the second request, whether the client device has a valid session with the second application, wherein the client device is instructed to access the second login page based upon a determination that the client device does not have a valid session with the second application (Sullivan, Page 16. attached prior art (Highlighted portion.) receiving information from the Internet infrastructure, analyzing from the Internet infrastructure the received information, and if certain predefined condition is satisfied, then the inquiry directed to the first login page, or if those conditions is not satisfied, then the information from the Internet to the user or the query directed to the second login page).
Therefore, it would have been obvious to one having ordinary skill in the art before the applicant(s) invention was filed to modify the combined invention of Gao and Zhu by including the idea of determining, by the central security gateway and based upon the second request, whether the client device has a valid session with the second application, wherein the client device is instructed to access the second login page based upon a determination that the client device does not have a valid session with the second application as taught by Sullivan for the advantage of directing of various services to specified websites. (Sullivan, abstract)
Claims 10 and 18 recite similar limitations to claim 2, mutatis mutandis, the subject matter of claims 10 and 18, which is therefore, also considered to be taught by Gao-Zhu-Sullivan combination as above.
Claims 6 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over GAO in view of ZHU as applied to claims 1, 9 and in further view of US 2015/0150114 A1 to Kuker et al. (“Kuker”).
Regarding claim 6, Gao-Zhu combination taught the method of claim 1, comprising: the combination did not but the analogous art Kuker taught establishing, by the central security gateway, a first encrypted connection with a first device of the first application; and instructing, by the central security gateway and via the first encrypted connection, the first application to provide the client device with access to the first resource (Claims 46-47, 53: an SSH tunnel over a TCP Connection is established in between an SSH server on the central server and an SSH client session on the probe application; the SSH Server creates the device proxy…the SSH client session connects to the device proxy address and initializes an encrypted connection. a computer or server on a remote network establish a probe application for communicating with an external central server in communication with a client user, said probe application being configured to: establish a secure link to the central server in response to a request received from the central server; forward a user session received from the central server over a secure tunnel provided by the secure link to a device or service on the remote network, whereby a user can gain access to the device or service on the remote network via the central server and the probe application.).
Therefore, it would have been obvious to one having ordinary skill in the art before the applicant(s) invention was filed to modify the combined invention of Gao and Zhu by including the idea of establishing, by the central security gateway, a first encrypted connection with a first device of the first application; and instructing, by the central security gateway and via the first encrypted connection, the first application to provide the client device with access to the first resource as taught by Kuker in order to provide secure user access to a device or service on a remote network, upon receipt of a request to access the device or service on a portal on a central server (Kuker, abstract).
Claim 14 recites similar limitations to claim 6, mutatis mutandis, the subject matter of claim 14, which is therefore, also considered to be taught by Gao-Zhu combination as above.
Claims 8 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over GAO in view of ZHU as applied to claims 1, 9 and in further view of US 2017/0149766 A1 to Uiterwijk et al. (“Uiterwijk”).
Regarding claim 8, Gao-Zhu combination taught the method of claim 1, the combination did not but the analogous art Uiterwijk taught a first domain of the first application is different than a second domain of the second application (Para. 0004. The first application is configured to operate on a first domain… the second application is configured to operate on a second domain. The second domain is different than the first domain).
Therefore, it would have been obvious to one having ordinary skill in the art before the applicant(s) invention was filed to modify the combined invention of Gao and Zhu by including the idea of a first domain of the first application is different than a second domain of the second application as taught by Uiterwijk in order to provide cross-domain single login (Uiterwijk, Para. 0004).
Claim 16 recites similar limitations to claim 8, mutatis mutandis, the subject matter of claim 16, which is therefore, also considered to be taught by Gao-Zhu-Uiterwijk combination as above.
Allowable Subject Matter
Claims 3, 11, and 19 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
Dependent claims 4-5, 12-13, and 20 would also be allowable due to dependency.
The following is a statement of reasons for the indication of allowable subject matter: None of the prior arts on the record taken alone or in combination taught the following limitations if incorporated into independent claims.
“determining, by the central security gateway and based upon the second request, whether the client device has a valid session with the second application, wherein the client device is instructed to access the first login page based upon a determination that the client device has a first valid session with the second application.”
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:
US 20180332042 A1 (Yu et al.): [0006] In light of this subpar experience and lack of security, an improved version of the authentication flow is disclosed herein. For example, suppose the user is interacting with a first application (e.g., a messaging application or a chat application). In aspects, a web application may be accessed from the first application. The web application may be any third-party web application (e.g., a third-party chat bot) accessed within the first application. In aspects, the user may request the web application to access a second application that is remote from the first application (e.g., a third-party social-networking application such as Instagram®, Snap Chat®, Google®, Facebook®, etc.). The bot may then check if the user is authenticated for access to the second application. If the user has not yet been authenticated, then the bot may provide a login URL to the user. The login URL may open a browser window for inputting user credentials for the second application. Upon verifying the user credentials, the second application may then pass an access token back to a web service associated with the web application (e.g., a website owned by the bot developer).
US 9967260 B1 (Gabriel et al.): (9) Implementations may include one or more of the following features: determining, by the first application, that the second application is one of a predetermined set of applications; wherein generating the modified application request is performed in response to determining that the second application is one of the predetermined set of applications. Generating the message that includes the authorization code comprises generating, by the first application, a URL that includes the authorization code and indicates an address hosted by the server system. Providing the message that includes the authorization code to the second application comprises: providing, by the first application, the generated URL to the second application; initiating a switch in focus from the first application to the second application; and initiating navigation of the second application to the generated URL. Determining that the second application is one of a predetermined set of applications comprises: determining that the device switched from the second application to the first application; obtaining an identifier for the second application; determining that the identifier for the application matches one of a predetermined set of identifiers indicating that the corresponding application is a web browser; and determining that the second application is one of a predetermined set of applications based on determining that the identifier for the application matches one of the predetermined set of identifiers indicating that the corresponding application is a web browser. The authentication request comprises a SAML authentication request. Generating the message that includes the authorization code comprises generating a message comprising information allowing the second application to initiate communication with the server system over the second communication session. 
Generating the message that includes the authorization code comprises generating a message comprising information causing the second application to switch from using the first communication session to using the second communication session. Receiving the authentication request comprises receiving an authentication request for a single sign on service, the request being initiated by an application or web page.
US 8615082 B1 (Selman et al.): (58) The system can include an encrypted connection providing a secure connection between the remote network operation center and the remote central server. The encrypted connection can be formed using an encryption software. The encryption software can include symmetric encryption, asymmetric encryption, such as RSA encryption, or combinations thereof. The encryption module can include computer instructions to provide a security certificate verifiable by a trusted third party. For example, an RSA encryption with security certificates verifiable by a trusted third party, such as VERISIGN.TM., can be used.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHAWNCHOY RAHMAN whose telephone number is (571)270-7471. The examiner can normally be reached Monday - Friday 8:30A-5P ET.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Taghi T Arani can be reached at 5712723787. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/Shawnchoy Rahman/Primary Examiner, Art Unit 2438