DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Status of Claims
This Office Action is in response to the amendment filed 11/23/2020.
Claims 1-18 are currently amended claims. Claims 1-20 are pending and considered.
Response to Amendments
The objection to claims 1-18 due to informalities has been withdrawn in light of applicant’s amendment to the claims, and further in light of the examiner’s amendments below.
Response to Argument
Applicant’s arguments (see pages 7-8 of the Remarks filed 11/23/2020) with respect to the claims over the prior art have been fully considered and are persuasive, further in view of the examiner’s amendments below. Following the examiner’s updated search on the features recited in the claims, the examiner believes the case is in condition for allowance. Therefore, the rejection of claims 1-20 under 35 U.S.C. 103 has been withdrawn.
Allowable Subject Matter
Claims 1-20 are allowed.
The following is an examiner’s statement of reasons for allowance: 
The present invention is directed towards a system and method to authenticate a first principal with request of permission to access a second principal’s account with a second authenticated session based on encrypted token within a first authenticated session using an 
Claim 1 (similarly claims 13, and 18) identifies the uniquely distinct features: 
“delivering an access link to the first principal within the first authenticated session in response to the permission received back from the second principal; authenticating a second session for access by the first principal to an account of the second principal and in response to an activated access link that is activated by the first principal within the first authenticated session by processing an encrypted token included within the activated access link and authenticating the first principal and a first principal device operated by the first principal for the second session based on the encrypted token, wherein the authenticating further includes obtaining access permissions linked to the encrypted token and enforcing the access permissions during the second session that were defined in the permission provided by the second principal, wherein the access permissions include limited read access to first account resources associated with the account during the second session and wherein the access permissions include limited write access to second account resources associated with the account during the second session, wherein the authenticating further includes not authorizing access by the first principal to the account of the second principal when the activated access link is activated outside the first authenticated session” in combination with all the additional limitations recited in the independent claims.

Baer et al (US 8,955,149B1) discloses a system and method for granting permission to another user on a computer network to impersonate himself or herself on the network for the duration of a specified period. In particular, Baer teaches granting permission to the service engineer (technical support representative) to access his/her account with limited access permission, such as read but not write permission.
The prior art, Tullis (US20130311360A1), discloses a system and method for enabling safe and efficient money transfer between a sender and a beneficiary with transmitting and disbursing agents. In particular, Tullis teaches including an agent’s name, contact and location information as an authentication and trust mechanism for fund transfer.
The prior art, Kong et al (US20180191700A1), discloses a method for maintaining a web session for a user with multiple sessions using access tokens. In particular, Kong teaches implementing the authentication measure with multiple sessions using two-token based authenticated session management to allow the user efficient control over the access privileges.
The prior art, Stiegler et al (US20070050369A1), discloses a method for intercepting a request for an operation on a file in a restricted user account and determining whether the request is acceptable. In particular, Stiegler teaches controlling permission to access files as computer resources with a restricted user account, limiting an application to those resources to protect against a malicious application, and confining the application to run within the restricted user account.
The prior art, Priebatsch (US20150242850A1) discloses system and method to authorize a request manager to access a resource using a facilitation token as permission management. In 

The prior art references, either singly or in combination, fail to anticipate or render the limitations of claim 1 (similarly claims 13, and 18) that identifies the uniquely distinct features: “delivering an access link to the first principal within the first authenticated session in response to the permission received back from the second principal; authenticating a second session for access by the first principal to an account of the second principal and in response to an activated access link that is activated by the first principal within the first authenticated session by processing an encrypted token included within the activated access link and authenticating the first principal and a first principal device operated by the first principal for the second session based on the encrypted token, wherein the authenticating further includes obtaining access permissions linked to the encrypted token and enforcing the access permissions during the second session that were defined in the permission provided by the second principal, wherein the access permissions include limited read access to first account resources associated with the account during the second session and wherein the access permissions include limited write access to second account resources associated with the account during the second session, wherein the authenticating further includes not authorizing access by the first principal to the account of the second principal when the activated access link is activated outside the first authenticated session”.
Regarding the dependent claims: dependent claims 2-12, 14-17 and 19-20 are also allowed for incorporating the allowable feature recited in the respective independent claims.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”
Examiner’s Amendment
The application has been amended as follows: 
An Examiner's amendment to the record appears below. Should the changes and/or additions be unacceptable to applicants, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner’s amendment was given in an interview with Joseph Mehrle (612-373-6900) on 12/21/2020.

PLEASE AMEND THE CLAIMS AS FOLLOWS:
1.	(Currently Amended) A method, comprising:
providing executable instructions to a hardware processor from a non-transitory computer-readable storage medium of a server causing the hardware processor to perform operations comprising:
receiving an access request from a first principal during a first authenticated session with the first principal;
requesting a permission from a second principal associated with the access request and providing the second principal with contact details associated with the first 

2.	(Currently Amended) The method of claim 1, wherein the receiving further includes validating that the first principal is authenticated for making the access request.



4.	(Previously Presented) The method of claim 3, wherein the sending further includes providing identifying information for the first principal through the interface.

5.	(Previously Presented) The method of claim 4, wherein the providing further includes obtaining access restrictions for the second session from the second principal.

6.	(Previously Presented) The method of claim 1, wherein the delivering further includes defining access restrictions for the second session.

7.	(Previously Presented) The method of claim 6, wherein the defining further includes setting an elapsed period of time for raising the termination event.

8.	(Previously Presented) The method of claim 7, wherein the setting further includes defining a second elapsed period of time and starting a clock for the second period of elapsed time in response to delivering the access link to the first principal.



10.	(Previously Presented) The method of claim 1, wherein the authenticating further includes initiating an auditing service to track resources accessed and resources processed during the second session by the first principal.

11.	(Previously Presented) The method of claim 1, wherein the terminating further includes detecting the termination event in response to the second session ending with the first principal.

12.	(Previously Presented) The method of claim 1, wherein the terminating further includes detecting the termination event in response to a configured period of time elapsing from when the second session started.

13.	(Currently Amended) A method, comprising:
providing executable instructions to a hardware processor from a non-transitory computer-readable storage medium of a server causing the hardware processor to perform operations comprising:
authenticating a remote service engineer during a first authenticated session;
receiving from the remote service engineer during the first authentication 

14.	(Previously Presented) The method of claim 13, wherein the requesting further includes obtaining the access permissions for the remote service engineer from the permission received from the user.

15.	(Previously Presented) The method of claim 13, wherein the providing further includes including in the access link the encrypted token, and wherein the encrypted token is linked to the access permissions that are enforced during the second authenticated session.

16.	(Previously Presented) The method of claim 13, wherein the authenticating further includes verifying that the first authenticated session is active and in progress.

17.	(Previously Presented) The method of claim 13, wherein the sending further includes providing a reference link with the termination notification that links to a log or summary of a log that includes actions taken by the remote service engineer during the second authenticated session.

18.	(Currently Amended) A system[[ ]], comprising:
a server; and

19.	(Previously Presented) The system of claim 18, wherein the remote authenticator is further configured, in (iv), to: embed a reference that links to the access permissions within the limited-access link.

20.	(Previously Presented) The system of claim 18, wherein the remote authenticator is further configured to: (v) send a summary to the user in response to the second authenticated session terminating, wherein during the second authenticated session the remote service engineer accesses the account.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MICHAEL M LEE whose telephone number is (571)272-1975. The examiner can normally be reached on M-F: 8:30AM - 5:30PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/MICHAEL M LEE/Examiner, Art Unit 2436    
/KENDALL DOLLY/Primary Examiner, Art Unit 2436