Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

DETAILED ACTION
1.	This action is responsive to the communication filed on 10/24/2019.

Claim Rejections – 35 USC 102
2.	The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


3.	Claims 1-4, 7-8, and 13 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Fukuda (US 2017/0041504).
Regarding claim 1, Fukuda teaches a method for authenticating users of a data processing platform (fig. 4, ‘1170) comprising:
storing a mapping of a unique user platform identifier to at least a first user identity provider identifier associated with a first external identity provider of a first realm (fig. 1, 8A-8C, & 10A-10D, which disclose mapping a mobile terminal IDP_user_ID to stored tenant IDP_User_ID information & par [0132], “stores the IDP identifier”) and at least a second user identity provider identifier associated with a second external identity provider of a second realm for a same user (fig. 1, fig. 7, ‘9.6, 8A-8C, & 10A-10D, which disclose determining that the IDP_user_ID matches an IDP_IP of the user stored in an external service);
par [0118] & [0132], which disclose the mobile terminal user issuing a log-in request in to establish a session);
receiving, from at least one of the first external identity provider of the first realm or the second external identity provider of the second realm, a user identity provider identifier associated with the request (par [0094] and [0117], which disclose the external service user information providing the requested IDP_User_ID information); and
granting permission to perform the one or more actions on the data of the data processing platform based at least in part on the received user identity provider identifier (fig. 10A-10D & par [0138-0142], which discloses granting authentication to the requesting mobile terminal user based on the submitted IDP_User_ID); 
wherein the method is carried out by one or more processors (fig. 1).
Regarding claim 2, Fukuda teaches wherein the granting permission to perform the one or more actions on the data of the data processing platform comprises:
determining if the received user identity provider identifier associated with the request matches either of the first user identity provider identifier or the second user identity provider identifier mapped to the unique user platform identifier (fig. 1, fig. 7, ‘9.6, 8A-8C, & 10A-10D, which disclose determining that the IDP_user_ID matches an IDP_IP of the user stored in an external service) and if so, using the unique user platform identifier for granting permissions to resources of the data processing platform during the access session (par [0138-0140], which discloses the authenticating and permission server authenticating the requesting user ID based on whether the presented IDP user ID matches already stored user IDP information).
Regarding claim 3, Fukuda teaches wherein the storing a mapping of a unique user platform identifier comprises creating the unique user platform identifier as mapped to both the at least first user identity provider identifier associated with the first external identity provider of the first realm (par [0098], “determines whether there is the already registered user matching the user information of the external service 1015 acquired in step S30”) and the at least second user identity provider identifier associated with the second external identity provider of the second realm (par [0098], “determines whether there is the already registered user matching the user information of the external service 1015 acquired in step S30”).
Regarding claim 4, Fukuda teaches wherein the storing a mapping of a unique user platform identifier comprises:
assigning a first user platform identifier to the first user identity provider identifier associated with the first external identity provider of the first realm and assigning a second user platform identifier to the second user identity provider identifier associated with the second external identity provider (8A-8C, “tenant information”…….”external service tenant information”);
linking the first user platform identifier to the second user platform identifier to link at least one permission provided from the first external identity provider with at least one permission provided from the second external identity provider (8D-8E, “tenant_ID…….IDP_User_ID”); and
fig. 10A-10D & par [0138-0142], which discloses granting authentication to the requesting mobile terminal user based on the submitted IDP_User_ID).
Regarding claim 7, Fukuda teaches a system for authenticating users of a data processing platform (par [0036] & fig. 10, ‘1014) comprising:
one or more processors (fig. 2); and
memory comprising stored executable instructions that when executed by the one or more processors (fig. 2) causes the one or more processors to:
store a mapping of a unique user platform identifier to at least a first user identity provider identifier associated with a first external identity provider of a first realm (fig. 1, 8A-8C, & 10A-10D, which disclose mapping a mobile terminal IDP_user_ID to stored tenant IDP_User_ID information & par [0132], “stores the IDP identifier”) and at least a second user identity provider identifier associated with a second external identity provider of a second realm for a same user (fig. 1, fig. 7, ‘9.6, 8A-8C, & 10A-10D, which disclose determining that the IDP_user_ID matches an IDP_IP of the user stored in an external service);
receive a request from a client device to establish an access session to perform one or more actions on data of the data processing platform (par [0118] & [0132], which disclose the mobile terminal user issuing a log-in request in to establish a session);
receive, from at least one of the first external identity provider of the first realm or the second external identity provider of the second realm, a user identity provider par [0094] and [0117], which disclose the external service user information providing the requested IDP_User_ID information); and
grant permission to perform the one or more actions on the data of the data processing platform based at least in part on the received user identity provider identifier (fig. 10A-10D & par [0138-0142], which disclose granting authentication to the requesting mobile terminal user based on the submitted IDP_User_ID).
Regarding claim 8, Fukuda teaches wherein the memory comprises stored executable instructions that when executed by the one or more processors causes the one or more processors to:
grant permission to perform the one or more actions on the data of the data processing platform by at least determining if the received user identity provider identifier associated with the request matches either of the first user identity provider identifier or the second user identity provider identifier mapped to the unique user platform identifier (fig. 1, fig. 7, ‘9.6, 8A-8C, & 10A-10D, which disclose determining that the IDP_user_ID matches an IDP_IP of the user stored in an external service & fig. 10A-10D & par [0138-0142], which disclose granting authentication to the requesting mobile terminal user based on the submitted IDP_User_ID) and if so, using the unique user platform identifier for granting permissions to resources of the data processing platform during the access session (par [0138-0140], which discloses the authenticating and permission server authenticating the requesting user ID based on whether the presented IDP user ID matches already stored user IDP information).

Regarding claim 9, Fukuda teaches wherein the memory comprises stored executable instructions that when executed by the one or more processors causes the one or more processors to:
store a mapping of a unique user platform identifier by creating the unique user platform identifier as mapped to both the at least first user identity provider identifier associated with the first external identity provider of the first realm (par [0098], “determines whether there is the already registered user matching the user information of the external service 1015 acquired in step S30”) and the at least second user identity provider identifier associated with the second external identity provider of the second realm (par [0098], “determines whether there is the already registered user matching the user information of the external service 1015 acquired in step S30”).

Regarding claim 10, Fukuda teaches wherein the memory comprises stored executable instructions that when executed by the one or more processors causes the one or more processors to:
store a mapping of a unique user platform identifier by:
assigning a first user platform identifier to the first user identity provider identifier associated with the first external identity provider of the first realm and assigning a second user platform identifier to the second user identity provider identifier associated with the second external identity provider (8A-8C, “tenant information”…….”external service tenant information”);
linking the first user platform identifier to the second user platform identifier to link at least one permission provided from the first external identity provider with at least 8D-8E, “tenant_ID…….IDP_User_ID”) and
using at least one of either of the linked first user platform identifier or the second user platform identifier to grant permission to perform the one or more actions on the data (fig. 10A-10D & par [0138-0142], which discloses granting authentication to the requesting mobile terminal user based on the submitted IDP_User_ID).

Regarding claim 13, Fukuda teaches a method for authenticating users of a data processing platform (fig. 4, ‘1170) comprising:
receiving a first request from a first client device to establish a first access session to perform one or more first actions on first data of the data processing platform (par [0118] & [0132], which disclose the mobile terminal user issuing a log-in request in to establish a session);
receiving, from a first identity provider of a first realm, at least a first authentication identifier associated with the first request (fig. 9, “authentication key”);
receiving a second request from a second client device to establish a second access session to perform one or more second actions on second data of the data processing platform (fig. 1, fig. 7, ‘9.6, & 8A-8C, which disclose that an IDP_user_ID submitted via a login request after an IDP_IP of the same user has previously been presented granted authentication in an external service);
receiving, from a second identity provider of a second realm for a same user, at least a second authentication identifier associated with the second request (par [0009], lines 15-18, “second authentication function”); and
fig. 1, fig. 7, ‘9.6, 8A-8C, & 10A-10D, which disclose determining that the IDP_user_ID matches an IDP_IP of the user stored in an external service and fig. 10A-10D & par [0138-0142], which discloses granting authentication to the requesting mobile terminal user based on the submitted IDP_User_ID);
wherein the method is carried out by one or more processors (fig. 1).

Regarding claim 14, Fukuda teaches wherein the first and second client devices are the same device (fig. 1, fig. 7, ‘9.6, 8A-8C, & 10A-10D, which disclose determining that the IDP_user_ID matches an IDP_IP of the user stored in an external service) and wherein the method includes:
storing the single unique user platform identifier as data being logically mapped to both the at least first authentication identifier from the first realm and the at least second authentication identifier from the second realm (8A-8C, “tenant information”…….”external service tenant information”); and
wherein granting permission to perform the one or more first actions on the first data and the one or more second actions on the second data comprises determining if the received user identity provider identifier associated with the request matches either of the first user identity provider identifier or the second user identity provider identifier mapped to the unique user platform identifier (par [0098], “determines whether there is the already registered user matching the user information of the external service 1015 acquired in step S30”) and if so, par [0138-0140], which discloses the authenticating and permission server authenticating the requesting user ID based on whether the presented IDP user ID matches already stored user IDP information).

Claim Rejections – 35 USC 103
4.	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office Action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

5.	Claims 5-6, 11-12, and 15-16 are rejected under 35 USC 103 as being unpatentable over Fukuda (US 2017/0041504) in view of Orsini et al (US 2010/0299313).
Regarding claim 5, Fukuda teaches wherein the granting permission to perform the one or more actions on the data comprises:
evaluating permission data associated with the at least first user identity provider identifier (par [0057], “client terminal ‘1011” & fig. 10A, “IDP_User_ID matching external service user information”) and permission data associated with the at least second user identity provider identifier (fig. 10B, which discloses the external service user information IDP_User_ID that was previously granted permission).
Orsini et al further teaches resolving a conflict among evaluated permissions for the request (par [0211], lines 15-17, which discloses authentication result conflict resolution pertaining to comparing authentication data received by multiple users to ensure proper identification).
It would have been obvious to one of ordinary skill in the art before the effective date of the claimed invention to combine the embodiment of Orsini et al within the multi-tenant service provisioning system of Fukuda, which would provide the predictive result of improving upon determining if user credential data entered by a requesting user matches user identification data in an external when implementing a comparator to check for redundancy associated with multiple users entering the same identification data (disclosed in fig. 15 of Orsini et al) because the comparator determines if entered user identification is redundant without requiring data to be probed in a remote or external service entity, as required by Fukuda.
Regarding claim 6, Fukuda and Orsini et al teach the limitations of claim 5.
Orsini et al further teaches assigning a timeout period to permissions associated with at least one of the first and second user ID provider identifiers (par [0269], lines 7-9, “time-out period from the initial authentication request”).
It would have been obvious to one of ordinary skill in the art before the effective date of the claimed invention to combine the embodiment of Orsini et al within the multi-tenant service provisioning system of Fukuda, which would provide the predictive result disclosed regarding claim 5.


Regarding claim 11, Fukuda teaches wherein the memory comprises stored executable instructions that when executed by the one or more processors causes the one or more processors to: grant permission to perform the one or more actions on the data by:
evaluating permission data associated with the at least first user identity provider identifier (par [0057], “client terminal ‘1011” & fig. 10A, “IDP_User_ID matching external service user information”) and permission data associated with the at least second user identity provider identifier (fig. 10B, which discloses the external service user information IDP_User_ID that was previously granted permission).
Orsini et al further teaches resolving a conflict among evaluated permissions for the request (par [0211], lines 15-17, which discloses authentication result conflict resolution pertaining to comparing authentication data received by multiple users to ensure proper identification).
It would have been obvious to one of ordinary skill in the art before the effective date of the claimed invention to combine the embodiment of Orsini et al within the multi-tenant service provisioning system of Fukuda, which would provide the predictive result of improving upon determining if user credential data entered by a requesting user matches user identification data in an external when implementing a comparator to check for redundancy associated with multiple users entering the same identification data (disclosed in fig. 15 of Orsini et al) because the comparator determines if entered user identification is redundant without requiring data to be probed in a remote or external service entity, as required by Fukuda.
Regarding claim 12, Fukuda and Orsini et al teach the limitations of claim 11.
Orsini et al further teaches wherein the memory comprises stored executable instructions that when executed by the one or more processors causes the one or more processors to assign a timeout period to permissions associated with at least one of first and second user ID provider identifiers (par [0269], lines 7-9, “time-out period from the initial authentication request”).
It would have been obvious to one of ordinary skill in the art before the effective date of the claimed invention to combine the embodiment of Orsini et al within the multi-tenant service provisioning system of Fukuda, which would provide the predictive result disclosed regarding claim 11.
Regarding claim 15, Fukuda teaches wherein the granting permission to perform the one or more actions on the data comprises:
evaluating permission data associated with the at least first user identity provider identifier (par [0057], “client terminal ‘1011” & fig. 10A, “IDP_User_ID matching external service user information”) and permission data associated with the at least second user identity provider identifier (fig. 10B, which discloses the external service user information IDP_User_ID that was previously granted permission).
Orsini et al further teaches resolving a conflict among evaluated permissions for the request (par [0211], lines 15-17, which discloses authentication result conflict resolution pertaining to comparing authentication data received by multiple users to ensure proper identification).
It would have been obvious to one of ordinary skill in the art before the effective date of the claimed invention to combine the embodiment of Orsini et al within the multi-tenant service provisioning system of Fukuda, which would provide the predictive result of improving upon disclosed in fig. 15 of Orsini et al) because the comparator determines if entered user identification is redundant without requiring data to be probed in a remote or external service entity, as required by Fukuda.
Regarding claim 16, Fukuda and Orsini et al teach the limitations of claim 15.
Orsini et al further teaches assigning a timeout period to permissions associated with at least one of the first and second user ID provider identifiers (par [0269], lines 7-9, “time-out period from the initial authentication request”).
It would have been obvious to one of ordinary skill in the art before the effective date of the claimed invention to combine the embodiment of Orsini et al within the multi-tenant service provisioning system of Fukuda, which would provide the predictive result disclosed regarding claim 15.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Randy A. Scott whose telephone number is (571) 272-3797. The examiner can normally be reached on Monday-Thursday 7:30 am-5:00 pm, second Fridays 7:30 am-4pm.
If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Luu Pham, can be reached on (571) 270-5002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications 

/RANDY A SCOTT/
Primary Examiner, Art Unit 2439
20210409