DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

Information Disclosure Statement
The Information Disclosure Statement filed on August 27, 2019 has been considered by the examiner.

Specification
The title of the invention is not descriptive.  A new title is required that is clearly indicative of the invention to which the claims are directed. 

Claim Interpretation
The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. 

The following is a quotation of pre-AIA  35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.

The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art.  The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is invoked. 
As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph:
(A)	the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function; 
(B)	the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and 
(C)	the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. 

Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function. 
Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have 

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. 	Determining the scope and contents of the prior art.
2. 	Ascertaining the differences between the prior art and the claims at issue.
3. 	Resolving the level of ordinary skill in the pertinent art.
4. 	Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 1-5, 9, 10, 14, and 15 is/are rejected under 35 U.S.C. 103 as being unpatentable over Ge et al. (Pub. No. US 2015/0163377) in view of COOLEY et al. (Pub. No. US 2009/0228978).

Claim 1:
An information processing system including a plurality of information processing devices each of which is accessible using first authentication information that is given to each of users, that varies among the users, and that is common to the plurality of information processing devices, access to a specific service from an accessed information processing device among the plurality of information processing devices being permitted using second authentication information that is given for the specific service to each of the users and that varies among the users, the information processing system comprising [pars. 0027, 0051, 0062, 0071 – A number of users, credentials, clients, servers, and applications/services]: 
a display controller that, in a case where first access permission information that corresponds to the first authentication information used to access the accessed information processing device and that is for permitting access to the specific [figs. 5-6; pars. 0065-0081, particular attention to fig. 6, par. 0077 – The user is prompted to login if credentials associated with the user key are not located in the data store for the application. (“In response to determining that the information pair (i.e., the username and domain information obtained in step S503) does not match a key stored in the data store (No in step S604), the process advances to step S605” … “For example, in response to the application 406 not finding a match for the information pair, the application 406 may initiate a login process for the user to manually login to the application 406. The application 406 may prepare and cause to be displayed information indicating to the user that the user should provide one or more credentials to login to the application 406, for example”)]; and 
a storage controller that, in a case where the first access permission information is stored in the storage unit and in a case where authentication information input from the input screen matches the second authentication information that is predetermined, permits access to the specific service and performs control to cause the storage unit to store new first access permission information for the specific service in association with the first authentication information used to access the accessed information processing device [figs. 5-6; pars. 0065-0081, particular attention to fig. 6, par. 0080 – When the stored credentials retrieved from the datastore fail authentication, the user is prompted to re-enter the credentials (“In step S608, the application 406 executes operations in response to the authentication failure. For example, the application 406 may prepare and cause to be displayed information indicating to the user that authentication has failed or that the user is denied access to one or more resources of the application 406. The displayed information may include a request that the user provide one or more credentials, for example.”).].
However, Ge et al. do not specifically disclose:
the storage controller performs control to cause the storage unit to store new first access permission information for the specific service in association with the first authentication information used to access the accessed information processing device [Ge et al. disclose prompting the user for credentials when authentication fails but do not specifically disclose storing the updated credentials. Examiner believes that the updated credentials would be stored, as the invention of Ge et al. is directed towards simplifying the sign in process, however, in the interest of compact prosecution, a further reference is being provided].
In the same field of endeavor, COOLEY et al. disclose:
the storage controller performs control to cause the storage unit to store new first access permission information for the specific service in association with the first authentication information used to access the accessed information processing device [par. 0019 – Updated credentials are stored (“If a login attempt using previously saved credentials 103 fails, the login credentials manager  determines that the credentials 103 have been updated subsequent to the time they were saved, and thus the updated credentials 103 need to be entered and stored”).].
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Ge et al. to include updating stored credentials when authentication fails, as taught by COOLEY et al., in order to allow the user to continue to benefit from the convenience of single sign on when saved credentials are no longer valid.

Claim 2 (as applied to claim 1 above):
Ge et al. disclose:
wherein the storage controller permits access to the specific service in a case where the first access permission information that has been obtained is correct [figs. 5-6; pars. 0065-0081, particular attention to fig. 6, par. 0081 – The user is granted access when the stored credential is successfully authenticated. (“Based on the authentication success response, the application 406 determines the credentials are valid (Yes in step S607), and the process continues to step S609. In step S609, the application 406 grants access to the application 406”)].

Claim 3 (as applied to claim 1 above):
Ge et al. disclose:
wherein the storage controller permits access to the specific service in a case where second access permission information having an effective period and obtained from the first access permission information that has been obtained is correct [figs. 5-6; pars. 0065-0081, particular attention to fig. 6, par. 0080 – When the stored credentials retrieved from the datastore fail authentication, the user is prompted to re-enter the credentials (“In step S608, the application 406 executes operations in response to the authentication failure. For example, the application 406 may prepare and cause to be displayed information indicating to the user that authentication has failed or that the user is denied access to one or more resources of the application 406. The displayed information may include a request that the user provide one or more credentials, for example.”). Obtained from the first access permission information is being interpreted as being obtained from the first permission information being invalid, rather than being some sort of transformation or derivation of the first permission information. Having an effective period is being interpreted as credentials are effective as long as they remain stored in the data store and successfully authenticate.].

Claim 4 (as applied to claim 1 above):
Ge et al. disclose:
wherein the information processing system permits access to the storage unit using third authentication information that is given for the specific service to a [figs. 5-6; pars. 0051, 0057-0058, 0065-0081, particular attention to fig. 6, pars. 0051, 0057, 0077 – The user is prompted to login if credentials associated with the user key are not located in the data store for the application. (“In response to determining that the information pair (i.e., the username and domain information obtained in step S503) does not match a key stored in the data store (No in step S604), the process advances to step S605” … “For example, in response to the application 406 not finding a match for the information pair, the application 406 may initiate a login process for the user to manually login to the application 406. The application 406 may prepare and cause to be displayed information indicating to the user that the user should provide one or more credentials to login to the application 406, for example”). The user may belong to a company (“For example, the login application might use a smart card login method to long in a user to a company’s own WINDOWS domain system”) and there are a number of applications (“A listing of application and/or systems configured to receive the log-in event notifications may be stored at the device login application 405 and/or the authentication service 402.”)].

Claim 5 (as applied to claim 4 above):
Ge et al. disclose:
wherein the information processing system permits access to the storage unit in a case where third access permission information having an effective period and [figs. 5-6; pars. 0065-0081, particular attention to fig. 6, par. 0079 – When a match is found for the key pair, the datastore is accessed to retrieve the credentials for the application (“In step S606, the application 406 retrieves from the data store the credentials associated with the username and domain information”). Having an effective period is being interpreted as credentials are effective as long as they remain stored in the data store and successfully authenticate.].

Claim 9 (as applied to claim 1 above):
Ge et al. disclose:
wherein the storage controller performs control to cause the storage unit to store the first access permission information as a value corresponding to a character string generated from the first authentication information [fig. 5; par. 0071 – The credentials may be stored as plain text or encrypted prior to storing in the database (“In step S506, the application 406 associates the username and domain information obtained in step S502 with the credentials received in step S503 in a data store” … “In addition to storing the key and credentials in the database, the application 406 may also encrypt the information in the database, including the key and the credentials.”)].

Claim 10 (as applied to claim 9 above):
Ge et al. disclose:
wherein the character string is any one of a first character string included in the first authentication information, a hash value of the first character string, a second character string included in the first authentication information and different from the first character string, a hash value of the second character string, a third character string obtained by combining the first character string and the second character string, and a hash value of the third character string [fig. 5; par. 0071 – The credentials may be stored as plain text or encrypted prior to storing in the database (“In step S506, the application 406 associates the username and domain information obtained in step S502 with the credentials received in step S503 in a data store” … “In addition to storing the key and credentials in the database, the application 406 may also encrypt the information in the database, including the key and the credentials.”)].

Claim 14:
A non-transitory computer readable medium storing a program causing a computer to execute a process for information processing in an information processing system including a plurality of information processing devices each of which is accessible using first authentication information that is given to each of users, that varies among the users, and that is common to the plurality of information processing devices, access to a specific service from an accessed information processing device among the plurality of information processing devices being permitted using second authentication information that is given for the specific service to each of the users and that varies among the [pars. 0027, 0051, 0062, 0071 – A number of users, credentials, clients, servers, and applications/services]: 
in a case where first access permission information that corresponds to the first authentication information used to access the accessed information processing device and that is for permitting access to the specific service is not stored in a storage unit, performing control to display an input screen for inputting the second authentication information for accessing the specific service [figs. 5-6; pars. 0065-0081, particular attention to fig. 6, par. 0077 – The user is prompted to login if credentials associated with the user key are not located in the data store for the application. (“In response to determining that the information pair (i.e., the username and domain information obtained in step S503) does not match a key stored in the data store (No in step S604), the process advances to step S605” … “For example, in response to the application 406 not finding a match for the information pair, the application 406 may initiate a login process for the user to manually login to the application 406. The application 406 may prepare and cause to be displayed information indicating to the user that the user should provide one or more credentials to login to the application 406, for example”)]; and
in a case where the first access permission information is stored in the storage unit and in a case where authentication information input from the input screen matches the second authentication information that is predetermined, permitting access to the specific service [figs. 5-6; pars. 0065-0081, particular attention to fig. 6, par. 0080 – When the stored credentials retrieved from the datastore fail authentication, the user is prompted to re-enter the credentials (“In step S608, the application 406 executes operations in response to the authentication failure. For example, the application 406 may prepare and cause to be displayed information indicating to the user that authentication has failed or that the user is denied access to one or more resources of the application 406. The displayed information may include a request that the user provide one or more credentials, for example.”).].
However, Ge et al. do not specifically disclose:
performing control to cause the storage unit to store new first access permission information for the specific service in association with the first authentication information used to access the accessed information processing device [Ge et al. disclose prompting the user for credentials when authentication fails but do not specifically disclose storing the updated credentials. Examiner believes that the updated credentials would be stored, as the invention of Ge et al. is directed towards simplifying the sign in process, however, in the interest of compact prosecution, a further reference is being provided].
In the same field of endeavor, COOLEY et al. disclose:
performing control to cause the storage unit to store new first access permission information for the specific service in association with the first authentication information used to access the accessed information processing device [par. 0019 – Updated credentials are stored (“If a login attempt using previously saved credentials 103 fails, the login credentials manager  determines that the credentials 103 have been updated subsequent to the time they were saved, and thus the updated credentials 103 need to be entered and stored”).].
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Ge et al. to include updating stored credentials when authentication fails, as taught by COOLEY et al., in order to allow the user to continue to benefit from the convenience of single sign on when saved credentials are no longer valid.

Claim 15:
Ge et al. disclose an information processing system including a plurality of information processing devices each of which is accessible using first authentication information that is given to each of users, that varies among the users, and that is common to the plurality of information processing devices, access to a specific service from an accessed information processing device among the plurality of information processing devices being permitted using second authentication information that is given for the specific service to each of the users and that varies among the users, the information processing system comprising [pars. 0027, 0051, 0062, 0071 – A number of users, credentials, clients, servers, and applications/services]: 
display control means for, in a case where first access permission information that corresponds to the first authentication information used to access the accessed information processing device and that is for permitting access to the [figs. 5-6; pars. 0065-0081, particular attention to fig. 6, par. 0077 – The user is prompted to login if credentials associated with the user key are not located in the data store for the application. (“In response to determining that the information pair (i.e., the username and domain information obtained in step S503) does not match a key stored in the data store (No in step S604), the process advances to step S605” … “For example, in response to the application 406 not finding a match for the information pair, the application 406 may initiate a login process for the user to manually login to the application 406. The application 406 may prepare and cause to be displayed information indicating to the user that the user should provide one or more credentials to login to the application 406, for example”)]; and 
storage control means for, in a case where the first access permission information is stored in the storage means and in a case where authentication information input from the input screen matches the second authentication information that is predetermined, permitting access to the specific service [figs. 5-6; pars. 0065-0081, particular attention to fig. 6, par. 0080 – When the stored credentials retrieved from the datastore fail authentication, the user is prompted to re-enter the credentials (“In step S608, the application 406 executes operations in response to the authentication failure. For example, the application 406 may prepare and cause to be displayed information indicating to the user that authentication has failed or that the user is denied access to one or more resources of the application 406. The displayed information may include a request that the user provide one or more credentials, for example.”).]
However, Ge et al. do not specifically disclose:
the storage control means for performing control to cause the storage means to store new first access permission information for the specific service in association with the first authentication information used to access the accessed information processing device [Ge et al. disclose prompting the user for credentials when authentication fails but do not specifically disclose storing the updated credentials. Examiner believes that the updated credentials would be stored, as the invention of Ge et al. is directed towards simplifying the sign in process, however, in the interest of compact prosecution, a further reference is being provided].
In the same field of endeavor, COOLEY et al. disclose:
the storage control means for performing control to cause the storage means to store new first access permission information for the specific service in association with the first authentication information used to access the accessed information processing device [par. 0019 – Updated credentials are stored (“If a login attempt using previously saved credentials 103 fails, the login credentials manager  determines that the credentials 103 have been updated subsequent to the time they were saved, and thus the updated credentials 103 need to be entered and stored”).].
.

Claims 6 and 13 is/are rejected under 35 U.S.C. 103 as being unpatentable over Ge et al. (Pub. No. US 2015/0163377) in view of COOLEY et al. (Pub. No. US 2009/0228978) as applied to claim 1 above, and further in view of Kawano et al. (Pub. No. US 2008/0022099).

Claim 6 (as applied to claim 1 above):
Ge et al. disclose:
wherein the information processing system includes, as the storage unit, a plurality of storage devices including a first storage device disposed outside the plurality of information processing devices [fig. 10; par. 0150 – Storage 1003].
However, Ge et al. and COOLEY et al. do not specifically disclose:
a second storage device disposed in each of the plurality of information processing devices [Ge et al. disclose a number of clients but are silent regarding the structure of the clients].
In the same field of endeavor, Kawano et al. disclose:
a second storage device disposed in each of the plurality of information processing devices [fig. 1; par. 0044 – HDD 39].


Claim 13 (as applied to claim 1 above):
Ge et al. and COOLEY et al. disclose all the limitations above but do not specifically disclose:
wherein the display controller and the storage controller are disposed outside the plurality of information processing devices [Ge et al. disclose clients, servers, domains, and that the system may use Windows NT LAN Manager authentication protocol, but do not specifically disclose that the user logs into the server via a client].
In the same field of endeavor, Kawano et al. disclose:
wherein the display controller and the storage controller are disposed outside the plurality of information processing devices [par. 0006 – A user logs into a domain via a PC (processing device) by authenticating with a server (display controller, storage controller) acting as the domain controller.].
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the combined teachings of Ge et al. to include logging in from a client, as taught by Kawano et al., as it is a typical domain configuration that allows users to login from any client within the domain.

Claims 7 and 8 is/are rejected under 35 U.S.C. 103 as being unpatentable over Ge et al. (Pub. No. US 2015/0163377) in view of COOLEY et al. (Pub. No. US 2009/0228978) and Kawano et al. (Pub. No. US 2008/0022099) as applied to claim 6 above, and further in view of Soin et al. (Pub. No. US 2007/0156693).

Claim 7 (as applied to claim 6 above):
Ge et al., COOLEY et al., and Kawano et al. disclose all the limitations above but do not specifically disclose:
wherein in a case where the specific service has a plurality of functions, the storage controller performs control to cause the storage unit to store the first access permission information that varies among the plurality of functions.
In the same field of endeavor, Soin et al. disclose:
wherein in a case where the specific service has a plurality of functions, the storage controller performs control to cause the storage unit to store the first access permission information that varies among the plurality of functions [fig. 3C; pars. 0036-0041, particular attention to par. 0041 – Feature permissions are stored for the different functions of the applications (“The feature permissions data may relate to specific functionality (e.g., different screens, user interface components, etc.) in the application, to which the operation system is unaware.”).].
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the combined teachings of Ge et al., 

Claim 8 (as applied to claim 6 above):
Ge et al., COOLEY et al., and Kawano et al. disclose all the limitations above but do not specifically disclose:
wherein in a case where the specific service has a plurality of functions, the storage controller changes, for each of the plurality of functions, a storage device to store the first access permission information.
In the same field of endeavor, Soin et al. disclose:
wherein in a case where the specific service has a plurality of functions, the storage controller changes, for each of the plurality of functions, a storage device to store the first access permission information [fig. 3C; pars. 0036-0041, particular attention to par. 0041 – Feature permissions are stored for the different functions of the applications (“The feature permissions data may relate to specific functionality (e.g., different screens, user interface components, etc.) in the application, to which the operation system is unaware.”). “Changes … to store” is being interpreted as going from a state of not being stored to a state of being stored.].
It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the combined teachings of Ge et al., COOLEY et al., and Kawano et al. to include feature permissions ACLs, as taught by Soin et al., in order to provide fine grained control over the functionality of applications.
Allowable Subject Matter
Claims 11 and 12 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to LARRY T MACKALL whose telephone number is (571)270-1172.  The examiner can normally be reached on Monday - Friday, 9am-5pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Reginald G Bragdon can be reached on (571) 272-4204.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private 


LARRY T. MACKALL
Primary Examiner
Art Unit 2131



26 February 2021
/LARRY T MACKALL/Primary Examiner, Art Unit 2139