DETAILED ACTION
This is a final Office action in response to communications received on 11/10/2020.  Claims 1-2, 4-6, 8-9, 11, 13, 15-16, 18 and 20 were amended. Claims 1-20 are pending and are examined.

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Examiner Note
1.	Examiner notes that the “computer readable storage medium” as claimed in claim 8 is described in paragraph [0034] of the specification as “not to be construed as being transitory signals per se, such as radio waves or other freely propagating electromagnetic waves, electromagnetic waves propagating through a waveguide or other transmission media (e.g., light pulses passing through a fiber-optic cable), or electrical signals transmitted through a wire”. Examiner has considered this definition in regards to claim interpretation.

Response to Arguments
Applicant’s amendments, filed 11/10/2020, to claims 1 and 4 removing the limitation “cloud application not configured in the plugin” is sufficient to overcome the objection to the aforementioned claims.  Accordingly, the objection to claims 1 and 4, as filed in (3) of the Non-Final Office action filed 8/27/2020, is withdrawn.  
Applicant’s remarks, filed 11/10/2020, regarding the objection to claims 2, 9 and 16 have been found persuasive.  Accordingly, the objection to claims 2, 9 and 16, as filed in (3) of the Non-Final Office action filed 8/27/2020, is withdrawn.  
Applicant’s amendments, filed 11/10/2020, to claim 15 reciting “a processor and a memory” remedy the claim not explicitly listing what hardware/elements the system itself actually comprises and are sufficient to overcome the rejection to the aforementioned claim. Accordingly, the rejection of claims 15-20 under 101, as filed in (4) of the Non-Final Office action filed 8/27/2020, is withdrawn.  
Applicant’s arguments regarding the rejection under 35 U.S.C. 103 of the claims under Thampy and Olden have been considered, and are found unpersuasive.
Applicant argues on page 11 of the Remarks, filed 11/10/2020, that the cited prior art fails to teach or suggest “providing each of the plurality of cloud applications with the identity token” as recited in claim 1 because “the session token is only provided to the request interceptor, not provided to all the multiple resources”. However, Examiner respectfully disagrees. Olden teaches, in paragraphs [0078]-[0080], that the request interceptor functions to receive requests to access the resource (i.e. cloud application). Because the request interceptor does not represent any other element from the independent claim, and because the request interceptor functions in conjunction with the resource to handle requests and receive session tokens, the combined elements of the request interceptor and the resource may be understood to represent the cloud application as claimed in the instant application.
Applicant argues on page 11 of the Remarks, filed 11/10/2020, that “the Examiner interpreted "identity provider" of claim 1 as "cloud provider" of Thampy. 
Applicant’s arguments in the Remarks, filed 11/10/2020, with respect to the claims rejected under 103 have been fully considered but are considered moot because the amendments to claims 1, 8 and 15 require new grounds of rejection necessitated by amendments.
The remaining arguments fail to comply with 37 C.F.R. 1.111(b) because they amount to a general allegation that the claims define a patentable invention without specifically pointing out how the language of the claims patentably distinguishes them from the references.
Consequently, the rejection of the claims under 35 U.S.C. 103 is sustained.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any 
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1-2, 5-9, 12-16 and 19-20 are rejected under 35 U.S.C. 103 as being unpatentable over Thampy (US 2019/0068627 A1), further in view of Olden (US 2009/0249439 A1), further in view of Cookson (US 2012/0185874 A1).
 Regarding claim 1, Thampy teaches the limitations of claim 1 substantially as follows:
A computer implemented method in a data processing system comprising a processor and a memory comprising instructions, which are executed by the processor to cause the processor to implement the method for enabling cloud applications to act on behalf of a user, the method comprising: (Thampy; Paras. [0039] & [0192]: The process (i.e. method) is implemented by a combination of processing units (i.e. processors) and software stored in memory (i.e. memory comprising instructions), the instructions being executed by the processors to implement the process of cloud applications capturing events and activities for the tenants/users (i.e. act on behalf of the user) with the tokens)
adding names of a plurality of cloud applications and names of a plurality of identity providers in the plugin; (Thampy; Paras. [0002], [0115]: management platform configures plurality of cloud applications and cloud providers (i.e. names of identity providers) for platform as a service (PaaS) as software as a service (SaaS) with plug-in interfaces)
authenticating, by the processor, a user identity by [[a]] one of the plurality of cloud applications through one of the plurality of identity providers; (Thampy; Paras. [0115], [0186], [0192]: authenticating a tenant/user as authorized (i.e. user identity) by a cloud beacon (i.e. cloud application) of a cloud provider (i.e. identity provider))
generating, by the one of the plurality of identity providers, an identity token responsive to authentication of the one of the plurality of cloud applications (Thampy; Para. [0186]: generating, by the cloud provider (i.e. identity providers), a token (i.e. identity token) responsive to authorizing/authenticating the cloud application to connect to the cloud provider)
acting, by any of the plurality of (Thampy; Para. [0192]: Cloud applications capture events and activities for the tenants/users (i.e. act on behalf of the user) with the tokens)
Thampy does not teach the limitations of claim 1 as follows:
providing, by the processor, a browser plugin integrated with a web browser; 
names of a plurality of cloud applications in the browser plugin; 
monitoring, by the browser plugin, browser activities made by the user; 
providing, by the one of the plurality of identity providers, each of the plurality of 
However, in the same field of endeavor, Olden discloses the limitations of claim 1 as follows:
providing, by the one of the plurality of identity providers, each of the plurality of (Olden; Paras [0078]-[0080]: identity router (i.e. identity provider) provides the session token  (i.e. identity token) to the request interceptor of the resource of multiple resources being accessed (i.e. plurality of cloud applications))
Olden is combinable with Thampy because both are from the same field of endeavor of authentication in a single sign on service. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the system of Thampy to incorporate the provision of multiple accessed resources with a session token for authentication in order to improve the security of the 
Thampy and Olden do not teach the limitations of claim 1 as follows:
providing, by the processor, a browser plugin integrated with a web browser; 
names of a plurality of cloud applications in the browser plugin; 
monitoring, by the browser plugin, browser activities made by the user; 
However, in the same field of endeavor, Cookson discloses the limitations of claim 1 as follows:
providing, by the processor, a browser plugin integrated with a web browser; (Cookson; Para. [0026]: The invoking application may be a plugin in a web browser (i.e. browser plugin integrated with a web browser))
names of a plurality of cloud applications in the browser plugin; (Cookson; Paras. [0026]-[0027]: A list of cloud applications (i.e. names of a plurality of cloud applications) compatible with the local application (i.e. browser plugin))
monitoring, by the browser plugin, browser activities made by the user; (Cookson; Paras. [0014]-[0015] & [0026]: The application/plugin in the web browser collects data (i.e. monitoring, by the browser plugin) from an accessed webpage (i.e. browser activities made by the user))
Cookson is combinable with Thampy and Olden because all are from the same field of endeavor of access to applications from a user application. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the system of Thampy and Olden to incorporate the web browser type plugin as the user application in order to expand the functionality of 

Regarding claims 2, 9 and 16, Thampy, Olden and Cookson teach the computer implemented method of claim 1, the computer program product of claim 8 and the system of claim 15.
Thampy teaches the limitations of claims 2, 9 and 16 as follows:
wherein at least one of the plurality of (Thampy; Paras. [0051] & [0053]-[0054]: The management platform provides a user interface to manage security control settings for cloud applications/services (the interface is not a part of the cloud application) (i.e. cloud applications has no browser user interface) the management platform communicating with the services (i.e. user acts indirectly with the at least one of the plurality of cloud applications))

Regarding claims 5, 12 and 19, Thampy, Olden and Cookson teach the computer implemented method of claim 2, the computer program product of claim 9 and the system of claim 16.
Thampy teaches the limitations of claims 5, 12 and 19 as follows:
wherein the one of the plurality of identity providers enable Single Sign-On (SSO) through Security Assertion Markup Language (SAML), or Open Authentication (OAuth).  (Thampy; Paras. [0108] & [0132]: cloud applications (i.e. identity providers) are provided in a single sign on service using OAuth for authorization)

Regarding claim 6, Thampy, Olden and Cookson teach the limitations of claim 2.
Thampy teaches the limitations of claim 6 as follows:
The method as recited in claim 2, wherein the one of the plurality of cloud applications (Thampy; Paras. [0146] & [0192]: Activity monitored by a cloud beacon (i.e. cloud application) is an email (i.e. email application))

Regarding claim 7, Thampy, Olden and Cookson teach the limitations of claim 6.
Thampy teaches the limitations of claim 7 as follows:
The method as recited in claim 6, wherein the email application or the instant messaging application has a browser user interface, and the user directly interacts with the email application or the instant messaging application.  (Thampy; Para. [0249]: The email (i.e. email application) has a means by which a user may check emails (i.e. browser user interface, and the user directly interacts with the email application))

Regarding claim 8, Thampy teaches the limitations of claim 8 substantially as follows:
A computer program product for enabling cloud applications to act on behalf of a user, the computer program product comprising a computer readable storage medium having program instructions embodied therewith, the program instructions executable by a processor to cause the processor to: (Thampy; Paras. [0039] & [0192]: Software stored in memory (i.e. computer program product comprising a computer readable storage medium having program instructions), the instructions being executed by the processors to implement the process of cloud applications capturing events and activities for the tenants/users (i.e. act on behalf of the user) with the tokens)
add names of a plurality of cloud applications and a name of an identity provider in the plugin; wherein the plurality of (Thampy; Paras. [0002], [0115]: management platform configures plurality of cloud applications and cloud providers (i.e. name of an identity provider) for platform as a service (PaaS) as software as a service (SaaS) with plug-in interfaces)
authenticate a user identity through one of the plurality of (Thampy; Paras. [0115], [0186], [0192]: authenticating a tenant/user as authorized (i.e. user identity) for cloud applications of a cloud provider (i.e. through one of the plurality of applications))
generate, by the identity provider, an identity token responsive to authentication; (Thampy; Para. [0186]: generating, by the cloud provider (i.e. identity providers), a token (i.e. identity token) responsive to authorizing/authenticating the cloud application to connect to the cloud provider)
act, by any of the plurality of (Thampy; Para. [0192]: Cloud applications capture events and activities for the tenants/users (i.e. act on behalf of the user) with the tokens)
Thampy does not teach the limitations of claim 8 as follows:
provide a browser plugin integrated with a web browser; 
names of a plurality of cloud applications in the browser plugin 
monitor, by the browser plugin, browser activities made by the user; 
provide, by the identity provider, each of the plurality of 
However, in the same field of endeavor, Olden discloses the limitations of claim 8 as follows:
provide, by the identity provider, each of the plurality of (Olden; Paras [0078]-[0080]: identity router (i.e. identity provider) provides the session token  (i.e. identity token) to the request interceptor of the resource of multiple resources being accessed (i.e. plurality of cloud applications))
Olden is combinable with Thampy because both are from the same field of endeavor of authentication in a single sign on service. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the system of Thampy to incorporate the provision of multiple accessed resources with a session token for authentication in order to improve the security of the system by providing a means by which multiple resources may authorize access using a single session key.

provide a browser plugin integrated with a web browser; 
names of a plurality of cloud applications in the browser plugin 
monitor, by the browser plugin, browser activities made by the user; 
However, in the same field of endeavor, Cookson discloses the limitations of claim 8 as follows:
provide a browser plugin integrated with a web browser; (Cookson; Para. [0026]: The invoking application may be a plugin in a web browser (i.e. browser plugin integrated with a web browser))
names of a plurality of cloud applications in the browser plugin (Cookson; Paras. [0026]-[0027]: A list of cloud applications (i.e. names of a plurality of cloud applications) compatible with the local application (i.e. browser plugin))
monitor, by the browser plugin, browser activities made by the user; (Cookson; Paras. [0014]-[0015] & [0026]: The application/plugin in the web browser collects data (i.e. monitoring, by the browser plugin) from an accessed webpage (i.e. browser activities made by the user))
Cookson is combinable with Thampy and Olden because all are from the same field of endeavor of access to applications from a user application. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the system of Thampy and Olden to incorporate the web browser type plugin as the user application in order to expand the functionality of the system by providing a means by which the user application may also be implemented in a web browser environment.

Regarding claim 13, Thampy, Olden and Cookson teach the limitations of claim 9.
Thampy teaches the limitations of claim 13 as follows:
The computer program product as recited in claim 9, wherein the one of the plurality of (Thampy; Paras. [0146] & [0192]: Activity monitored by a cloud beacon embedded in a cloud service (i.e. cloud application) is an email (i.e. email application))

Regarding claim 14, Thampy, Olden and Cookson teach the limitations of claim 13.
Thampy teaches the limitations of claim 14 as follows:
The computer program product as recited in claim 13, wherein the email application or the instant messaging application has a browser user interface, and the user directly interacts with the email application or the instant messaging application.  (Thampy; Para. [0249]: The email (i.e. email application) has a means by which a user may check emails (i.e. browser user interface, and the user directly interacts with the email application))

Regarding claim 15, Thampy teaches the limitations of claim 15 substantially as follows:
A system for enabling cloud applications to act on behalf of a user, comprising: (Thampy; Paras. [0039] & [0192]: A system implemented by a combination of processing units (i.e. processors) and software stored in memory, the instructions being executed by the processors to implement the process of cloud applications capturing events and activities for the tenants/users (i.e. act on behalf of the user) with the tokens)
a processor and a memory comprising instructions, which are executed by the processor to cause the processor to: (Thampy; Para. [0039]: software stored in a memory executed by a processor to execute processes of the system)
add names of a plurality of cloud applications and a name of an identity provider in the plugin; (Thampy; Paras. [0002], [0115]: management platform configures plurality of cloud applications and cloud providers (i.e. name of an identity provider) for platform as a service (PaaS) as software as a service (SaaS) with plug-in interfaces)
wherein the plurality of  (Thampy; Paras. [0002], [0115]: management platform configures plurality of cloud applications and cloud providers (i.e. cloud applications are associated with the identity provider) for platform as a service (PaaS) as software as a service (SaaS) with plug-in interfaces)
authenticate a user identity through one of the plurality of (Thampy; Paras. [0115], [0186], [0192]: authenticating a tenant/user as authorized (i.e. user identity) for cloud applications of a cloud provider (i.e. through one of the plurality of cloud applications))
generate, by the identity provider, an identity token responsive to authentication; (Thampy; Para. [0186]: generating, by the cloud provider (i.e. identity providers), a token (i.e. identity token) responsive to authorizing/authenticating the cloud application to connect to the cloud provider)
act, by any of the plurality of  (Thampy; Para. [0192]: Cloud applications capture events and activities for the tenants/users (i.e. act on behalf of the user) with the tokens)
Thampy does not teach the limitations of claim 15 as follows:
a browser plugin integrated with a web browser; [[and]] 
names of a plurality of cloud applications in the browser plugin 
monitor, by the browser plugin, browser activities made by the user; 
provide, by the identity provider, each of the plurality of 
However, in the same field of endeavor, Olden discloses the limitations of claim 15 as follows:
provide, by the identity provider, each of the plurality of (Olden; Paras [0078]-[0080]: identity router (i.e. identity provider) provides the session token  (i.e. identity token) to the request interceptor of the resource of multiple resources being accessed (i.e. plurality of cloud applications))

Thampy and Olden do not teach the limitations of claim 15 as follows:
a browser plugin integrated with a web browser; [[and]] 
names of a plurality of cloud applications in the browser plugin 
monitor, by the browser plugin, browser activities made by the user; 
However, in the same field of endeavor, Cookson discloses the limitations of claim 15 as follows:
a browser plugin integrated with a web browser; [[and]] (Cookson; Para. [0026]: The invoking application may be a plugin in a web browser (i.e. browser plugin integrated with a web browser))
names of a plurality of cloud applications in the browser plugin (Cookson; Paras. [0026]-[0027]: A list of cloud applications (i.e. names of a plurality of cloud applications) compatible with the local application (i.e. browser plugin))
monitor, by the browser plugin, browser activities made by the user; (Cookson; Paras. [0014]-[0015] & [0026]: The application/plugin in the web browser collects data (i.e. monitoring, by the browser plugin) from an accessed webpage (i.e. browser activities made by the user))


Regarding claim 20, Thampy, Olden and Cookson teach the limitations of claim 16.
Thampy teaches the limitations of claim 20 as follows:
The system as recited in claim 16, wherein the one of the plurality of (Thampy; Paras. [0146] & [0192]: Activity monitored by a cloud beacon embedded in a cloud service (i.e. configured cloud application) is an email (i.e. email application))
having a browser user interface, and the user directly interacts with the email application or the instant messaging application.  (Thampy; Para. [0249]: The email (i.e. email application) has a means by which a user may check emails (i.e. browser user interface, and the user directly interacts with the email application))

Claims 3-4, 10-11 and 17-18, are rejected under 35 U.S.C. 103 as being unpatentable over Thampy (US 2019/0068627 A1), further in view of Olden (US .
 Regarding claims 3, 10 and 17, Thampy, Olden and Cookson teach the computer implemented method of claim 2, the computer program product of claim 9 and the system of claim 16.
Thampy, Olden and Cookson do not teach the limitations of claims 3, 10 and 17 as follows:
wherein the identity token expires within a predetermined time period. 
Ragusa teaches the limitations of claims 5, 12 and 19 as follows:
wherein the identity token expires within a predetermined time period.  (Ragusa; Para. [0069]: A session token (i.e. identity token) has an associated expiration time (i.e. expires within a predetermined time period))
Ragusa is combinable with Thampy, Olden and Cookson because all are from the same field of endeavor of use of a web service for access to application services. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the system of Thampy, Olden and Cookson to incorporate the refreshable session token expiration time of Ragusa in order to improve the security of the system by providing a means by which a token in use may expire after a predetermined period of time.

Regarding claim 4, Thampy, Olden, Cookson and Ragusa teach the limitations of claim 3.
Ragusa teaches the limitations of claim 4 as follows:
The method as recited in claim 3, further comprising: refreshing, by the processor, the identity token within the predetermined time period by interacting with any of the plurality of the cloud applications (Ragusa; Paras. [0054] & [0069]: Refreshing the expiration time of a session token (i.e. refreshing the identity token within the predetermined time period) whenever the session token is used to communicate with a web service (not necessarily associated with a plug-in) (i.e. interaction with the cloud application))
the applications having a browser user interface (Thampy; Para. [0249]: The email application (i.e. application) has a means by which a user may check emails (i.e. browser user interface))
The same motivation to combine as in claim 3 is applicable to the instant claim.

Regarding claims 11 and 18, Thampy, Olden, Cookson and Ragusa teach the computer program product of claim 10 and the system of claim 17.
Ragusa teaches the limitations of claims 11 and 18 as follows:
refresh the identity token within the predetermined time period by interacting with any of the plurality of (Ragusa; Paras. [0054] & [0069]: Refreshing the expiration time of a session token (i.e. refresh the identity token within the predetermined time period) whenever the session token is used to communicate with a web service (i.e. interaction with any of the plurality of cloud applications))
The same motivation to combine as in claims 10 and 17 is applicable to the instant claims.

Prior Art Considered But Not Relied Upon
	Chan (US 2004/0123144 A1), which teaches utilizing intercepted forms for authorization in a single sign on service.

Conclusion
For the above-stated reasons, claims 1-20 are rejected.
Applicant’s amendment necessitated the new ground(s) of rejection presented in this Office action.
Accordingly, THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BLAKE ISAAC NARRAMORE whose telephone number is (303)297-4357.  The examiner can normally be reached on Monday - Friday 0700-1700 MT.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Taghi T Arani can be reached on (571) 272-3787.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/B.I.N./Examiner, Art Unit 2438

/SAMSON B LEMMA/Primary Examiner, Art Unit 2498