DETAILED ACTION

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
This action is responsive to the communication filed on 12/09/2020.


Response to Arguments
Applicant's arguments filed 12/09/2020 regarding the claims rejected under 103(a) have been fully considered but they are not persuasive.
Applicant argued on page 10 of the remarks that, in Ahmed, a shadow account specifically does not use a password for creation of the shadow account.
Examiner respectfully disagrees. Ahmed discloses in claim 1, generating, by a computing device, at least one recommendation for a conversion of the at least one shadow account to at least one full account requiring a user password, wherein the shadow account is generated using the password. This can be seen as use of a password for creation of the shadow account.

Applicant argued on page 8 of the remarks that a processor, a network interface, and computer-readable media are not software.
Examiner respectfully disagrees. Specification, par 0041, discloses that memory 604 typically stores data and/or program modules; thus, the media is program module software. Par 0042 discloses that the network interface 610 may also include a wireless network interface configured to communicate via one or more wireless communication protocols, such as WiFi, 2G, 3G, 4G, LTE, 5G, WiMAX, Bluetooth, and/or the like; thus, the interface is a software communication protocol. Par 0048 discloses one or more general-purpose or special-purpose processors, but the specification does not limit the above processor; thus, broadly interpreted, this processor can be software as well as human (e.g. see par. 0097 of US 2008/0240253 A1, col. 2, ll. 65-66 of US 5,787,131, col. 10, ll. 52 of US 5,944,783, par. 0073 of US 2004/0044912 A1, or par. 0049 of US 2005/0091661 A1).

 




Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


The claimed invention of claims 18-20 is directed to non-statutory subject matter. The claim(s) does/do not fall within at least one of the four categories of patent eligible subject matter because: As per claim 18,
the elements in this claim, a processor, a network interface and computer-readable media, are not hardware in light of the specification; broadly interpreting those terms, they are software. Thus, this claim does not fall within statutory subject matter.
As per claims 19-20, those claims are rejected based on the same rationale set forth for claim 18.


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 1, 3-15, 17-18 and 20-21 are rejected under 35 U.S.C. 103 as being unpatentable over Sim et al US 2018/0234464 in view of Ahmed et al US 9,734,321 in view of Shen et al US 9,853,968.

 	 As per claim 1, Sim discloses a method performed by a computer system that includes one or more processors ( fig.2, authentication server processor ), a network interface ( par 0035, interface ), and computer-readable media ( par 0055 random-access memory (RAM) and/or virtual memory storing information such as central processing unit (CPU)  ), the method comprising: 
 	receiving a resource request from a client computing device, wherein the resource request is directed to a software service that uses authentication (0047, At step A1 the client initiates access by requesting URL1 (the resource could also be a login page of the first resource provider)); 
redirecting the resource request to an authentication identity provider, wherein the redirecting of the resource request comprises transmission of an authentication request that includes user identity information but does not include a password for the software service ( 0047, At step A2 the first resource provider optionally issues a redirect to the authentication broker and  Preferably, personal information is either translated to non-personal form or is not shared wherein the request does not include password);
 in response to the authentication request, receiving an authentication token generated by the authentication identity provider ( par 0048 At step C the authentication broker authenticates the user/client and provides a token); 
in response to receiving the authentication token, accessing  the software service that uses authentication (par 0048 At step E the client provides the access token in connection with the original resource request for URL1 of the first resource provider ( i.e. the software service) );
 in response to accessing  the software service, generating authenticated connection information (par 0048 The first resource provider of the URL1 begins its authentication procedure and forwards the token to the authentication broker for validation); and
 transmitting the authenticated connection information to the client computing device, wherein the authenticated connection information enables the client computing device to access the software service via an authenticated connection (  0049 If the authentication or authorization procedure of the first resource provider is successful then the client is given access to URL1 (i.e. authenticated connection information)).  
Sim does not disclose, based on the token, creating a shadow account with the software service that uses password-based authentication, wherein creating the shadow account comprises generating a random password, and setting the random password as the password for the shadow account.
However, Ahmed discloses, based on the token, creating a shadow account with the software service that uses password-based authentication (fig.4, par 0074, the Service B 203b can created a federated account (e.g., a shadow account) for the user based on, for instance, a username and the Token A or Token B instead of an explicit password or other credential; see also fig.9 and par 0182; and Ahmed discloses in claim 1, generating, by a computing device, at least one recommendation for a conversion of the at least one shadow account to at least one full account requiring a user password, wherein the shadow account is generated using the password. This can be seen as use of a password for creation of the shadow account).

It would have been obvious for a person of ordinary skill in the art before the effective filing date of the claimed invention to apply the password based shadow account creation of Ahmed to the token based resource access of Sim for the purpose of improving an access for determining federated account information associated with the user based, at least in part, on one or more user accounts associated with the federated identity, so that it is coordinated across the services to provide a seamless user experience by Sim.
The combination does not disclose wherein creating the shadow account comprises generating a random password, and setting the random password as the password for the shadow account.
However, Shen discloses wherein creating the shadow account comprises generating a random password (claim 1, dynamically generating a random password at an access point device that enables the unregistered user to access a temporary account, i.e. shadow account), and setting the random password as the password for the shadow account (claim 1, wherein the temporary account is activated, i.e. setting with random password, with a processor and enables the unregistered user to access the network for only the single session).
It would have been obvious for a person of ordinary skill in the art before the effective filing date of the claimed invention to apply the password based shadow account creation of Ahmed to the token based resource access of Sim for the purpose of improving an access for determining federated account information associated with the user based, at least in part, on one or more user accounts associated with the federated identity, so that it is coordinated across the services to provide a seamless user experience by Sim, based on the teaching of Shen of enabling the unregistered user to access the temporary account; doing so would provide on-demand access to a network for a single session (Shen, claim 1).


 	As per claim 3, Sim in view of Ahmed  in view of Shen discloses the method of Claim 1, the combination discloses wherein the authenticated connection information comprises a cookie (Sim,  0032, geographic location of the subject, network address or domain of the subject, features of the client or user agent (e.g., which web browser and/or version, device identity, device type, operating system, device software and OS patch compliance), a source that redirected to the authentication server to initiate authentication, time of day, day of the week, cookies and their settings (e.g., expire period if any), and  0049 If the authentication or authorization procedure of the first resource provider is successful then the client is given access to URL1 (i.e. cookie)).  

 	As per claim 4, Sim in view of Ahmed in view of Shen discloses the method of Claim 3, the combination discloses wherein the authenticated connection information further comprises a configuration file associated with the software service ( Sim, par 0055 The stored information can be in the form of machine executable instructions (e.g., compiled executable binary code), source code, bytecode, or any other information that can be used to enable or configure computing devices to perform the various embodiments discussed above).  

 	As per claim 5, Sim in view of Ahmed in view of Shen discloses the method of Claim 1, the combination discloses wherein the resource request is transmitted from the client computing device via a web browser (Sim, The clients 104 may also be other web sites or network services that serve as applications for end users. The clients 104 may also be referred to as applications. In any case, a client 104 is a device that authenticates with the authentication broker 100 to obtain a token or similar credential and then uses the token to authenticate to the resource providers 106 to gain access to resources from the resource providers 106), and wherein the authentication connection information is received at the client computing device via the web browser ( par  0047 The client 104 determines that a specific resource (e.g., authentication connection information) is needed from the first resource provider 106A).  

As per claim 6, Sim in view of Ahmed in view of Shen discloses the method of Claim 1, the combination discloses wherein the step of redirecting the resource request to the authentication identity provider causes the authentication identity provider (0047, At step A2 the first resource provider optionally issues a redirect to the authentication broker and Preferably, personal information is either translated to non-personal form or is not shared wherein the request does not include password) to:
 	validate the user identity information ( Sim, par 0023 access to a given resource by a given end user may depend on a corresponding account or identity being authenticated by the corresponding resource provider 106); 
 	generate the authentication token if the validation of the user identity information is successful ( Sim, par 0025  At step B, assuming that the authentication broker 100 authenticated the identity of the end user, then the authentication broker 100 issues an authentication credential such as a token 110); and  
 	transmit the authentication token to the authentication management computer system directly, or indirectly via the client computing device (Sim, par 0026 At step C the client 104 sends a resource request 112 to a resource provider 106. The resource request 112 may include (or be proceeded or followed by) the token 110).  

As per claim 9, Sim in view of Ahmed in view of Shen discloses the method of Claim 1, Sim discloses wherein the software service comprises a remote desktop service (par 0026, the resource provider with web server with a remote applicant for a consumer service).

As per claim 10, Sim in view of Ahmed discloses the method of Claim 1, Sim discloses wherein the resource request is received by the authentication management computer system via a web application (par 0026, the resource provider receives the resource request 112 and token 110 and begins to perform an authentication procedure to determine whether the client 104 is permitted to access the resource requested by the resource request 112. The resource provider 106 attempts to validate the token 110. Token validation might be proceeded by preliminary authentication measures for identifying risky clients or requests and par 0026, the resource provider with web server with a remote applicant for a consumer service), and wherein the authentication connection information is transmitted to the client computing device via the web application (par 0026, the resource provider with web server with a remote applicant for a consumer service and The resource provider receives the resource request 112 and token 110 and begins to perform an authentication procedure to determine whether the client 104 is permitted to access the resource requested by the resource request 112. The resource provider 106 attempts to validate the token 110. Token validation might be proceeded by preliminary authentication measures for identifying risky clients or requests).

As per claim 11, Sim discloses a method performed by a computer system comprising one or more processors (fig.2, authentication server processor ), a network interface (par 0035, interface  ), and computer-readable media ( par 0055 random-access memory (RAM) and/or virtual memory storing information such as central processing unit (CPU)), the method comprising: 
receiving a resource request from a client computing device, wherein the resource request is directed to a remote a software service (0047, At step A1 the client initiates access by requesting URL1 (the resource could also be a login page of the first resource provider) ); 
 redirecting the resource request to an authentication identity provider, wherein the redirected resource request comprises an authentication request that includes user identity information(0047, At step A2 the first resource provider optionally issues a redirect to the authentication broker and  Preferably, personal information is either translated to non-personal form or is not shared wherein the request does not include password ); 
 in response to the authentication request, receiving an authentication token generated by the authentication identity provider (par 0048 At step C the authentication broker authenticates the user/client and provides a token ); 
 in response to receiving the authentication token, creating a shadow account with the software service (par 0048 At step E the client provides the access token in connection with the original resource request for URL1 of the first resource provider ( i.e. the software service) ); 
 in response to creating the shadow account, generating authenticated connection information for the software service ( par 0048 The first resource provider of the URL1 begins its authentication procedure and forwards the token to the authentication broker for validation); and
  transmitting the authenticated connection information to the client computing device, wherein the authenticated connection information enables the client computing device to access the software service via an authenticated connection(  0049 If the authentication or authorization procedure of the first resource provider is successful then the client is given access to URL1 (i.e. authenticated connection information)).  

Sim does not disclose, based on the token, creating a shadow account with the software service that uses password-based authentication for the remote desktop software service, wherein creating the shadow account comprises generating a random password, and setting the random password as the password for the shadow account.
However, Ahmed discloses, based on the token, creating a shadow account with the software service that uses password-based authentication for the remote desktop software service (fig.4, par 0074, the Service B 203b can created a federated account (e.g., a shadow account) for the user based on, for instance, a username and the Token A or Token B instead of an explicit password or other credential; see also fig.9 and par 0182; and Ahmed discloses in claim 1, generating, by a computing device, at least one recommendation for a conversion of the at least one shadow account to at least one full account requiring a user password, wherein the shadow account is generated using the password. This can be seen as use of a password for creation of the shadow account; and Ahmed, col 19, 25-30, process 800 is performed by a remote server, and a method comprises facilitating access, including granting access rights, to an interface to allow access to a service of the remote server via a network).

It would have been obvious for a person of ordinary skill in the art before the effective filing date of the claimed invention to apply the password based shadow account creation of Ahmed to the token based resource access of Sim for the purpose of improving an access for determining federated account information associated with the user based, at least in part, on one or more user accounts associated with the federated identity, so that it is coordinated across the services to provide a seamless user experience by Sim.
The combination does not disclose wherein creating the shadow account comprises generating a random password, and setting the random password as the password for the shadow account.
However, Shen discloses wherein creating the shadow account comprises generating a random password (claim 1, dynamically generating a random password at an access point device that enables the unregistered user to access a temporary account, i.e. shadow account), and setting the random password as the password for the shadow account (claim 1, wherein the temporary account is activated, i.e. setting with random password, with a processor and enables the unregistered user to access the network for only the single session).
It would have been obvious for a person of ordinary skill in the art before the effective filing date of the claimed invention to apply the password based shadow account creation of Ahmed to the token based resource access of Sim for the purpose of improving an access for determining federated account information associated with the user based, at least in part, on one or more user accounts associated with the federated identity, so that it is coordinated across the services to provide a seamless user experience by Sim, based on the teaching of Shen of enabling the unregistered user to access the temporary account; doing so would provide on-demand access to a network for a single session (Shen, claim 1).

 As per claim 12,  Sim in view of Ahmed in view of Shen discloses the method of Claim 11, the combination discloses wherein creating the shadow account comprises creating a new account with the software service (Ahmed, fig.4, par 0074   the Service B 203b can created a federated account (e.g., a shadow account) for the user based on, for instance, a username and the Token A or Token B instead of an explicit password or other credential and see also fig.9, see also par 0182 ).  

As per claim 13, Sim in view of Ahmed in view of Shen discloses the method of Claim 11, the combination discloses wherein the authenticated connection information comprises a cookie ( Sim,  0032, geographic location of the subject, network address or domain of the subject, features of the client or user agent (e.g., which web browser and/or version, device identity, device type, operating system, device software and OS patch compliance), a source that redirected to the authentication server to initiate authentication, time of day, day of the week, cookies and their settings).  

As per claim 14, Sim in view of Ahmed in view of Shen discloses the method of Claim 11, the combination discloses wherein the step of redirecting the resource request to the authentication identity provider causes the authentication identity provider (0047, At step A2 the first resource provider optionally issues a redirect to the authentication broker and  Preferably, personal information is either translated to non-personal form or is not shared wherein the request does not include password ) to: 
 validate the user identity information ( Sim, par 0023 access to a given resource by a given end user may depend on a corresponding account or identity being authenticated by the corresponding resource provider 106);
  generate the authentication token (Sim, par 0025  At step B, assuming that the authentication broker 100 authenticated the identity of the end user, then the authentication broker 100 issues an authentication credential such as a token 110 );
 transmit the authentication token to the computer system directly, or indirectly via the client computing device (Sim, par 0026 At step C the client 104 sends a resource request 112 to a resource provider 106. The resource request 112 may include (or be proceeded or followed by) the token 110).
  
 	
As per claim 15, Sim in view of Ahmed in view of Shen discloses the method of Claim 11 further comprising: the combination discloses 
authenticating the shadow account with a resource identity provider associated with the software service (Ahmed, fig.4, par 0074   the Service B 203b can created a federated account (e.g., a shadow account) for the user based on, for instance, a username and the Token A or Token B instead of an explicit password or other credential and see also fig.9, see also par 0182  ); and if authentication of the shadow account is successful, receiving an additional authentication token from the resource identity provider (Ahmed, fig.4, par 0074   the Service B 203b can created a federated account (e.g., a shadow account) for the user based on, for instance, a username and the Token A or Token B  ).  

 As per claim 17, Sim in view of Ahmed in view of Shen discloses the method of Claim 11, the combination discloses wherein the resource request is received by the authentication management computer system via a web application ( par 0026, the resource provider receives the resource request 112 and token 110 and begins to perform an authentication procedure to determine whether the client 104 is permitted to access the resource requested by the resource request 112. The resource provider 106 attempts to validate the token 110. Token validation might be proceeded by preliminary authentication measures for identifying risky clients or requests and par 0026, the resource provider with web server with a remote applicant for a consumer service ), and 
wherein the authentication connection information is transmitted to the client computing device via the web application (par 0026, the resource provider with web server with a remote applicant for a consumer service and the resource provider receives the resource request 112 and token 110 and begins to perform an authentication procedure to determine whether the client 104 is permitted to access the resource requested by the resource request 112. The resource provider 106 attempts to validate the token 110. Token validation might be proceeded by preliminary authentication measures for identifying risky clients or requests).

 As per claim 18, Sim discloses a computer system that provides authentication management services, the computer system comprising one or more processors, a network interface, and computer-readable media (Sim, par 0055 random-access memory (RAM) and/or virtual memory storing information such as central processing unit (CPU))comprising:
an authentication management system ( fig.2, authentication server processor); and 
 computer-readable instructions configured to cause the authentication management system to (par 0055 random-access memory (RAM) and/or virtual memory storing information such as central processing unit  and  fig.2, authentication server processor): 
 	receive a resource request from a client computing device, wherein the resource request is directed to a software service (0047, At step A1 the client initiates access by requesting URL1 (the resource could also be a login page of the first resource provider) ); 
 	redirect the resource request to an authentication identity provider, wherein the redirected resource request comprises an authentication request that includes user identity information (0047, At step A2 the first resource provider optionally issues a redirect to the authentication broker and  Preferably, personal information is either translated to non-personal form or is not shared wherein the request does not include password ); 
 	in response to the authentication request, receive an authentication token generated by the authentication identity provider ( par 0048 At step C the authentication broker authenticates the user/client and provides a token); 
in response to receiving the authentication token, create an account with the software service ( par 0048 At step E the client provides the access token in connection with the original resource request for URL1 of the first resource provider ( i.e. the software service));
  in response to creating the account, generate authenticated connection information for the software service (par 0048 The first resource provider of the URL1 begins its authentication procedure and forwards the token to the authentication broker for validation ); and
 transmit the authenticated connection information to the client computing device, wherein the authenticated connection information enables the client computing device to access the software service via an authenticated connection (0049 If the authentication or authorization procedure of the first resource provider is successful then the client is given access to URL1 (i.e. authenticated connection information) ).  
Sim does not disclose, based on the token, creating a shadow account with the software service that uses password-based authentication, wherein creating the shadow account comprises generating a random password, and setting the random password as the password for the shadow account.
However, Ahmed discloses, based on the token, creating a shadow account with the software service that uses password-based authentication (fig.4, par 0074, the Service B 203b can created a federated account (e.g., a shadow account) for the user based on, for instance, a username and the Token A or Token B instead of an explicit password or other credential; see also fig.9 and par 0182; and Ahmed discloses in claim 1, generating, by a computing device, at least one recommendation for a conversion of the at least one shadow account to at least one full account requiring a user password, wherein the shadow account is generated using the password. This can be seen as use of a password for creation of the shadow account).

It would have been obvious for a person of ordinary skill in the art before the effective filing date of the claimed invention to apply the password based shadow account creation of Ahmed to the token based resource access of Sim for the purpose of improving an access for determining federated account information associated with the user based, at least in part, on one or more user accounts associated with the federated identity, so that it is coordinated across the services to provide a seamless user experience by Sim.
The combination does not disclose wherein creating the shadow account comprises generating a random password, and setting the random password as the password for the shadow account.
However, Shen discloses wherein creating the shadow account comprises generating a random password (claim 1, dynamically generating a random password at an access point device that enables the unregistered user to access a temporary account, i.e. shadow account), and setting the random password as the password for the shadow account (claim 1, wherein the temporary account is activated, i.e. setting with random password, with a processor and enables the unregistered user to access the network for only the single session).
It would have been obvious for a person of ordinary skill in the art before the effective filing date of the claimed invention to apply the password based shadow account creation of Ahmed to the token based resource access of Sim for the purpose of improving an access for determining federated account information associated with the user based, at least in part, on one or more user accounts associated with the federated identity, so that it is coordinated across the services to provide a seamless user experience by Sim, based on the teaching of Shen of enabling the unregistered user to access the temporary account; doing so would provide on-demand access to a network for a single session (Shen, claim 1).
	
As per claim 7, Sim in view of Ahmed in view of Shen discloses the method of Claim 1 further comprising:  the combination discloses
authenticating the shadow account at the resource identity provider (Ahmed, fig.4, par 0074   the Service B 203b can created a federated account (e.g., a shadow account) for the user based on, for instance, a username and the Token A or Token B instead of an explicit password or other credential and see also fig.9, see also par 0182 ); and 
if authentication of the shadow account is successful, receiving an additional authentication token from the resource identity provider (Ahmed, fig.4, par 0074   the Service B 203b can created a federated account (e.g., a shadow account) for the user based on, for instance, a username and the Token A ).  
The combination does not disclose setting a random password for the shadow account at a resource identity provider associated with the software service.
  	However, Shen discloses setting a random password for the shadow account at a resource identity provider associated with the software service ( claim 1, dynamically generating a random password at an access point device that enables the unregistered user to access a temporary account, i.e. shadow account ), and setting the random password as the password for the shadow account ( claim 1, wherein the temporary account is activated, i.e. setting with random password, with a processor and enables the unregistered user to access the network for only the single session).
It would have been obvious for a person of ordinary skill in the art before the effective filing date of the claimed invention to apply the password based shadow account creation of Ahmed to the token based resource access of Sim for the purpose of improving an access for determining federated account information associated with the user based, at least in part, on one or more user accounts associated with the federated identity, so that it is coordinated across the services to provide a seamless user experience by Sim, based on the teaching of Shen of enabling the unregistered user to access the temporary account; doing so would provide on-demand access to a network for a single session (Shen, claim 1).

As per claim 8, Sim in view of Ahmed in view of Shen discloses the method of Claim 7, wherein the resource identity provider comprises an active directory (Ahmed, col 10, lines 1-6, the merchant user 201 has an active Service A account 211a and is logged-in with a valid SSO token (e.g., via the authentication server 215a and ID federation gateway 140)).

 	As per claim 20, Sim in view of Ahmed in view of Shen discloses the computer system of Claim 19, wherein the computer-readable instructions are further configured to cause the authentication management system to: 
authenticate the shadow account at the resource identity provider (Ahmed, fig. 4, par 0074, the Service B 203b can create a federated account (e.g., a shadow account) for the user based on, for instance, a username and the Token A or Token B instead of an explicit password or other credential; see also fig. 9 and par 0182); and if authentication of the shadow account is successful, receiving an additional authentication token from the resource identity provider (Ahmed, fig. 4, par 0074, the Service B 203b can create a federated account (e.g., a shadow account) for the user based on, for instance, a username and the Token A).
Authenticate the account with the resource identity provider (Ahmed, fig. 8, in step 801 message 600 by the authentication client module 122 on UE 101 to the legacy authentication service and intercepted by the ID federation gateway 140 executing on the same host with the legacy authentication service, i.e. resource identity provider).
 	The combination does not disclose set a random password for the shadow account at a resource identity provider associated with the software service.
However, Shen discloses set a random password for the shadow account at a resource identity provider associated with the software service (claim 1, dynamically generating a random password at an access point device that enables the unregistered user to access a temporary account, i.e. shadow account), and setting the random password as the password for the shadow account (claim 1, wherein the temporary account is activated, i.e. setting with random password, with a processor and enables the unregistered user to access the network for only the single session).
It would have been obvious for a person of ordinary skill in the art before the effective filing date of the claimed invention creating the password-based shadow account of Ahmed in the accessing resource based on the token of Sim for the purpose of improving an access for determining federated account information associated with the user based, at least in part, on one or more user accounts associated with the federated identity, so that is coordinated across the services to provide a seamless user experience by the Sim, based on the teaching of enabling the temporary account to access by the unregistered user of Shen, doing so would provide on-demand access to a network for a single session (Shen, claim 1).

As per claim 21, Sim in view of Ahmed in view of Shen discloses the computer system of claim 18, wherein the software service comprises a remote desktop service (Ahmed, col 19, 25-30, process 800 is performed by a remote server, and a method comprises facilitating access, including granting access rights, to an interface to allow access to a service of the remote server via a network).


Allowable Subject Matter
Claims 16 and 22 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims. For example, all the claims are incorporated into the independent claims.



Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Bagley US 2006/0080545 discloses 21, wherein the service provider receives the authentication service identifier for the client over a secure connection that authenticates the identity of the service provider to the authentication service. 

Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to ABU S SHOLEMAN whose telephone number is (571)270-7314.  The examiner can normally be reached on EST: 9am-5pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached on 571-272-3739.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/ABU S SHOLEMAN/Primary Examiner, Art Unit 2495