DETAILED ACTION

1.	Notice of Pre-AIA  or AIA  Status:  The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

2.	Claims 1-8 and 17-25 are allowed.

3.	Claims 9-16 have been canceled, and claims 1-8, 17, and 18 have been amended.

4.	This allowance of application 16/084022 is in response to Applicant’s claim amendments filed on February 11, 2021.  

5.	PCT/JP2017/010217 (WIPO) filed on March 14, 2017. WO 2017/164008 A1, which states in English, item (81) designating US.  However, the application is not in English.

6.	A certified copy of JP 2016-058275 was filed as the USPTO on September 11, 2018.  However, the certified copy of JP 2016-058275 is not in English and no translated version was provided to verify support for claimed subject matter.  The JP 2016-058275 application was filed on March 23, 2016.

Claim Interpretation
7.	Claim 1 recites “a dummy system.”  Specification [0025] states “the unauthorized log-in environment (dummy system),” [0030] [0042] state “the unauthorized user accesses the dummy unauthorized log-in environment,” and [0043] states “the unauthorized user can log in to the unauthorized log-in environment 14 being a dummy environment in such a manner, the unauthorized user determines that the log-in is successful.  Thus, an attack such as a future unauthorized log-in can be suppressed and further pursuit of authenticated information can be suppressed without the unauthorized user being aware of authentication by biometric information.”  Hence based on clear specification explanation (i.e., [0025] stating” the unauthorized log-in environment 14 (dummy system)”), an unauthorized log-in environment is a dummy system.  This interpretation is applied to all the claims.

Examiner’s Amendment
8.	An examiner’s Amendment to the record appears below.  Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR § 1.312.  To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the Issue Fee.

9.	Authorization for this examiner’s amendment was given by O. Charlie Vostal, Primary Examiner, on April 13, 2021.  In independent claims 1, 17 and 18, an amendment was made from “the authorized user” to “an authorized user” because the feature has no antecedent basis.

10.	The claims have been amended as follows:

1.	(currently amended) An information processing system comprising:
a storage device storing instructions; and
at least one processing device coupled to the storage device and configured to execute the instructions to:
acquire authentication information;
perform authentication processing on the acquired authentication information;
when authorized user data in an authorized system is changed, update unauthorized user data in a dummy system by using a different of the authorized user data changes, the unauthorized user data in the dummy system begin replicated by a part of data excluding data concealed by an  authorized user from the authorized user data; and
perform log-in processing according to an authentication processing result, 
wherein the at least one processing device is further configured to execute the instructions to
perform log-in processing on the authorized system when authentication processing is successful; and 
perform log-in processing on the dummy system that replicated by the part of data exchanging data concealed by the authorized user when authentication processing is unsuccessful.

17.	(currently amended) A non-transitory computer-readable recording medium that stores a program embodying a program, the program causing an information processing device to execute: perform a method, the method comprising:
acquiring authentication information;
performing authentication processing on acquired the acquired authentication information;
when authorized user data in an authorized system is changed, updating unauthorized user data in a dummy system by using a difference of the authorized user data changed, the unauthorized user data in the dummy system being replicated by a part of data excluding data concealed by an  authorized user from the authorized user data; and
performing log-in processing according to an authentication processing result, 
wherein the method further comprises:
performing log-in processing on the authorized system when authentication processing is successful; and 
performing log-in processing on the dummy system that replicated by the part of data excluding data concealed by the authorized user when when authentication processing is unsuccessful.

18.	(currently amended) An authentication method comprising:
acquiring authentication information;
performing authentication processing on the acquired authentication information;
when authorized user data in an authorized system is changed, updating unauthorized user data in a dummy system by using a difference of the authorized user data changed, the unauthorized user data in the dummy system being replicated by a part of data excluding data concealed by an  authorized user from the authorized user data; and
performing log-in processing according to an authentication processing result,
wherein the authentication method further comprises:
performing log-in processing on the authorized system when prior authentication processing is successful; and 
performing log-in processing on a dummy system different from the authorized system when authentication processing is unsuccessful.


Reason for allowance
11.	Claims 1, 17 and 18 of the present invention is directed towards authentication.  After Authentication Information (AI) is acquired, authentication processing is performed on the acquired AI.  When Authorized User Data (AUD) in an Authorized System (AS) is changed, Unauthorized User Data (UUD) is updated in a Dummy System (DS) by using a difference of the AUD changed, the UUD in the DS being replicated by a Part of Data (PD) excluding Data Concealed (DC) by an Authorized User (AU) from the AUD.  Log-in Processing (LP) is performed according to the AP result.  When prior AP is successful, LP is performed on the AS.  When AP is un-successful, LP is performed on the DS that is replicated by the PD excluding DC by the AU.  Independent claims 1, 17 and 18 each identify the uniquely distinct combination of features:
an information processing system
a storage device storing instructions
at least one processing device coupled to the storage device and configured to execute the instructions to:
acquire authentication information
perform authentication processing on the acquired authentication information
when authorized user data in an authorized system is changed, update unauthorized user data in a dummy system by using a difference of the authorized user data changed
the unauthorized user data in the dummy system being replaced by a part of data excluding data concealed by the authorized user from the authorized user data
perform log-in processing according to an authentication processing result 
wherein the at least one processing device is further configured to execute the instructions to perform log-in processing on the authorized system when authentication processing is successful 
perform log-in processing on the dummy system that replicated by the part of data excluding data concealed by the authorized user when authentication processing is unsuccessful
(specification [0043]) unauthorized user data provided to the unauthorized data us particularly a part of data provided in the authorized log-in environment 13, that is, data having a small amount of information excluding data concealed.

12.	While the summary is on page 31, the closest prior art (Palestrant, US Pub 20090106826; Sarkar et al., US Pub 20160253486; Kondoh et al., US Pub 20150370847; Fox et al., US Pub 20030229781; Ahlbrand, US Pub 20030014636; Guo et al., US 20130227676 [0072] [0073] [0085]; Sugiyama, US Pub 20140165175 [0040] [0041] [0042]; Zmener, US Pub 20120185920 [0008] [0011] [0013] [0045]; Callaghan, US Pub 20070061455 [0032]; Tajima, US Pub 20070067811 [0045]; Riggs, US Pub 20030074559 [0126] [0149]; and Makuck, US Pub 20020194140 [0144]) disclose Authorization Events (AorEs) trigger authentication requests for a user during the course of a computer session.  In an example, an Authentication Event (AenE) trigger occurs as a user navigates through a web interface.  In an embodiment, a user authenticates him or herself to enter a Secure Site (SS).  During the course of navigating through the SS, authentication events are triggered.  Authentication events occur when, for example, the user wishes to perform some action associated with the SS or provide comment on information obtained from the SS or obtain information from the SS.  The act of submitting or taking some action comprises a triggering event.  In response to a triggered authorization request, a system related to the SS (or the same system) generates Authentication Information (AenI) (e.g., a One-Time Password (OTP)) that is transmitted to the user.  The hardware/software resides with the provider hosting the SS, although one should appreciate that the OTP generation may be delegated to another site or received as a service from a third party.  In one embodiment, the user receives the OTP in the form of a page to a pager.  With respect to the medical field, a physician may be required to maintain a page and liability can result from its loss or absence.  AorE triggers are also used in conjunction with a system that does not require an authenticated user before reaching the AorE triggers.  The Internet has provided unprecedented access to information and has spawned industries designed to allow better, quicker, and more convenient access to that information.  This unprecedented access has come with many costs.  By permitting easier access to information, the information itself has become vulnerable.  And, in many situations, significant liability attaches to the loss or compromise of that information.  Thus, security has become the new watch word of the Internet.  Any site that provides access to private information must be secure.  Log-in names and passwords have been employed in the past to solve this security problem.  However, poor choices in log-in name and password combinations continue to plague the use of log-in names and passwords as a viable security mechanism.  Predictable user names and passwords are known points of weakness in any log-in/password system.  Various methods have been employed to improve this system including randomly generated passwords and forced changes to passwords on a periodic basis.  However, these improvements are subject to their own set of problems, including users writing down complicated random passwords, changing passwords from one easily guessed password to another.  In addition, users lose and forget passwords.  Other security systems seek to simplify what is required and at the same time increase security.  Two factor authentication methods represent another methodology used to provide for secure authentication.  Two factor authentication typically takes the form of providing something you have and something you know (e.g., ATM transactions).  You provide something you have, your ATM card – one factor, and you provide something you know, your password – another factor.  Some systems use two factor authentication in conjunction with Authentication Tokens (AenTs).  AenTs are like the ATM card and can even contain static numbers like an ATM card, however, AenTs typically have hardware associated with them that generates a number that changes over time.  Only when that periodically changing number matches one on the system you are trying to access, will a user be authenticated, provided the other factor is validated as well (e.g., hardware token generates a OTP on a periodic basis).  Generating periodically changing numbers to establish one factor for authentication can be expensive.  Each user requires his or her own token, which often have very specific lives and need to be replaced periodically, and the synchronization between the numbers generated by the token and the numbers generated by the authentication system still pose issues.  In both generation methods, the user’s and the provider’s must be synchronized to generate matching OTPs at the same time.  In verifying a user’s OTP, the authentication system must also provide for a delay between generation, submission, and receipt/verification, thus causing synchronization issues.  Providing ease of access while maintaining appropriate levels of security has proven particularly challenging where the information and actions one seeks to protect are particularly sensitive (e.g., financial services, medical services, etc.).  By implementing system and methods for user authentication using event triggered authorization, the present invention overcomes many shortcomings of conventional authentication systems.  In an example, an authenticated user navigates a SS having already provided AenI.  During the course of navigation, the user triggers a series of AenEs.  The AenE triggers an additional security layer based on a provider’s settings for particularly sensitive information or activities.  In addition, failure to properly authenticate, in response to an AenE, may trigger revocation in the comprised user account, minimizing the impact of compromised AenI.  In an embodiment, the AenE causes the provider’s system or another secure system associated with the provider to generate AenI, which may be in the form of an OTP, that is transmitted directly to the authorized user via a page to a pager.  Generating OTP on systems not maintained by the user and then sending the OTP to them provides many advantages (e.g., the reduction in the need of expensive hardware to generate OTPs).  In an embodiment, the provider controls the generation system, synchronization between transmitted AenI and submitted Authorization Information (AorI) becomes easier to manage.  The timing of OTP generation and subsequent receipt by the authorization system can be monitored, and specifically accounted for by the provider because the provider can control the time involved in generating and transmitting OTPs.  Similar benefits can be achieved even where the provider employs a third party to generate AorI.  In an embodiment, AorI transmitted provides for the implementation of a feedback mechanism designed to identify and mitigate comprised AenI.  Authorized users can report the receipt of transmitted AorI.  Notably, where an authorized user has not performed any activity that would trigger an AorE, and consequently the transmission of AorI, the authorized user is immediately aware of un-authorized activity.  The authorized user can report the receipt of AorI and the provider can take appropriate measures that may include, de-activating any AenI associated with that particular user (e.g., the user account), terminate the session associated with the authorized user, log all un-authorized access, flag the logs for security review, trace back the un-authorized access to its source, divert the un-authorized user to dummy pages designed to track and identify the un-authorized user, report un-authorized activity to a security department for appropriate action, and install application objects on the un-authorized users computer system in order to perform various mitigation functions.  In an embodiment, a feedback mechanism is not necessary to trigger the above described actions.  The failure to authenticate in response to an AenE triggers may trigger the same responses described about with respect to the feedback mechanism on the part of the provider or a security department associated with the provider.  In an embodiment, a environment that provides medical services is well suited to the use of AorE triggers to authenticate user access to content and user activities performed in the environment.  Doctors may be provided with secure access to patient information, and specific activities related to patient care can be associated with AorE triggers.  In order to view the information (e.g., patient information), the user must submit the received AorI which must be validated against the generated AorI.  And, the user will have to submit the received AorI for validation in order to proceed.  Optionally, a time window may be associated with the AorE triggers, so that if a user has already been validated against an AorE, subsequent AorE triggers will be deemed validated or ignored.  It should be appreciated that the provider of such an environment can establish various criteria for the AorE triggers and examples should not be read as limiting the criteria to any one particular implementation.  In an embodiment, an act of de-activating access to the secure site is provided in response to the authorized user submitting feedback.  The act of de-activating access to the secure site is in response to a failure to provide valid AenI in response to an AorE.  An act of tracking un-authroized access by tracking a keystroke(s) activity of the un-authorized user, communication protocol information generated between un-authorized user and the secure environment, and re-directing unauthorized user to dummy pages that trace un-authorized access.   In another embodiment, AorE triggers are activated in response to a user navigating the secure site.  In this present invention, computer-readable medium having computer-readable signals stored thereon that define instructions that, as a result of being executed by a computer, instruct the computer to perform the method for authentication of a user employing triggers for AorEs is provided.  A secure environment for a user to access is provided, permitting the user to access the secure environment in response to the user submitting AenI, providing for the authenticated user to navigate within the secure environment, establishing at least one AorE trigger that generates an authentication request in the secure environment, providing for generation of AenI in response to an AorE trigger, providing for transmission of the AenI to a device associate with the user; and providing for verification of submitted AenI.  Various embodiments of the computer-readable medium incorporate the elements discussed about with respect to the method alone.  As an additional security feature, entire user sessions may be logged by the SS.  In the event a user has failed to properly authenticate in response to the AorE and the user has exceeded the retry limit (YES), the user account will be de-activated, and the session logs may be flagged for review.  In an embodiment, active measures designed to trace back the un-authorized activity to a person or a computer system accessing the SS.  An active measure may come in the form of re-directing the un-authorized user to dummy pages meant to maintain the connection between the un-authorized user and the SS in order to perform trace back analysis and procedures.  An optional feature associated with multiple AorE triggers includes the use of a time window.  The provider of the environment can establish almost any specific criteria for AorE triggers, including those specifically discussed by not excluding those not specifically enumerated, unless explicitly stating a feature is excluded.

13.	Another prior art teach an Authentication Server (AenS), an application device and a probability based user authentication system and method.  To simplify authentication while keeping a high level of security, the AS comprises an Authentication Probability (AenP) Evaluation Module (EM) of determining the probability of requestor identification.  The AS is configured to at least receive an Authentication Request (AenR) from an authenticator, said AR comprises at least User IDentification Data (UIDD).  The AP EM is configured upon reception of the UIDD to receive UIDD from a User Information (UI) database; and to determine a User Probability Value (UPV) by comparing at least the User Behavior Information (UBI) with Authenticator Application Data (AenAD).  The requestor is authenticated in dependence of the determine UPV.  Authentication, typically is understood as the act of proving to a computer-based system (aka authenticator) that a user who she or he claims to be.  User authentication is often based on providing User Credentials (UCs) in terms of three factors:  something you know (e.g., password), something you have (e.g., an Automatic Teller Machine (ATM) card), and something you are (e.g., fingerprint).  These factor(s) are typically verified to authenticate a user.  A computer user may be required to authenticate himself (e.g., logging into his computer account, retrieving e-mail from servers, accessing certain files, databases, network, web sites, etc.).  In banking applications,  a bank account holder is required to provide his ATM card as a 1st factor, and enter a Personal Identication Number (PIN) as a 2nd factor in order to access an ATM to conduct a banking transaction.  While in the past, users in general had to authenticate themselves (e.g., with the above factors) in a limited number of situations; the number of necessary authentications rises continuously.  In addition, computer users today have to present log-in-password combinations, and thus to authenticate, when accessing various web sites or services for business or personal purposes.  In addition, it is increasingly necessary for someone to authenticate during further everyday tasks, e.g., when accessing security-restricted areas, including the person’s workplace, gym, apartment building, etc.; when using transportation; or when shopping and subsequently paying for groceries.  Due to the high number of necessary authentications in everyday life, the latter became a quite tedious task, not only due to the effort required with the authentication processes, but also due to the necessity to safely keep a multitude of user credentials.  At least in part due to the effect involved, some users, e.g., tend to choose the same UCs (e.g., log-in information) for multiple applications or choose very simple passwords, which than in turn lead to decreased security of these applications.  Accordingly, a simplified authentication is provided while keeping a high level of security.  In an embodiment, an AenS comprises at least an AP EM for determining a probability of requestor identification.  The AenS is configured to receive an AenR from the authenticator, wherein the AR comprises at least UIDD.  The AP EM is configured to receive the UIDD, receive UBI from a UI database, wherein the UBI corresponds to the received UIDD, and to determine a UPV by comparing at least UBI with Authenticator Application Data (AenAD).  The requestor is subsequently authenticated in dependence of the determined UPV.  The basic idea of embodiment(s) is to provide an improved authentication of a requestor (i.e., a user that requests authentication) based on a determination of a probability or likelihood that the requestor is in fact the user who she or he claims to be.  A convenient and secure way of authentication is provided which may be used in a variety of applications, in particular, in security related applications.  In embodiments, the AenS may be formed integrally with a further component or device of the system or provided as a “stand-alone” device or unit.  The AenS may be formed at least in part by software programming and/or by logic circuitry.  In an embodiment, the AenS comprises a computing unit having at least a processor with a suitable programming to provide the functionality of at least some of the modules described herein.  In embodiments, the AenS comprises at least an AP EM for determining a probability of requestor identification.  In this context, the term “Probability of Requestor IDentification” (PRID) refers to the probability that a current user of an authenticator, which user is also referred to as “requestor,” is who she or he claims to be, namely an authorized granted access to restricted resources (e.g., a device, to information, or to access-restricted locations).  In some applications, the authorized user may be associated with a predetermined user IDdentification and/or a user account.  The AenS is configured to receive an AenR from an authenticator.  The AenR request comprises at least UIDD, buy may comprise additional information/data.  The AenS may be configured to receive the AenR over a LAN/WAN network, e.g., in case the authenticator is in a remote application device.  The AP EM, upon reception of the UIDD is configured to receive/retrieve UBI, corresponding to the received UIDD, from a UI database and determining a UPV by comparing at least the UBI with AenAD.   In dependence of the determine UPV, the respective requestor is subsequently authenticated or not authenticated as the authorized user that she or he claims to be.  The UIDD comprises at least information, allowing to determine a corresponding record of UBI from the UI database.  The UIDD may comprise a specific user ID or a user account, associated with the authorized user for which authentication is requested.  In an embodiment, the AenS may be coupled directly with the authenticator, e.g., in case the AenS is provided as a subsystem of the authenticator.  It is noted, that the term “authenticator” and “authenticator module” are used interchangeably in this description.  The authenticator may be of any suitable type for at least sending the AenR and, e.g., receive a response.  As mentioned, the respective requestor is authenticated or not authenticated as the authorized user in dependence of the determined UPV.  There are many protocols for authentication in existence and/or being developed (e.g., OpenID, SAML, Kerberos, etc.).  In an embodiment, an authentication by the AenS, the AenS upon successful authentication may be configured to provide digital credentials of the authorized user to the authenticator.  In an embodiment, the authorized user typically requests authentication to enter the front door at a given time each workday, such information comprised in the UBI allows to determine the UPV by comparing the “typical time” of the AenR by the authorized user with the time of the actual authentication request of the present requestor.  Here, a higher deviation of these times leads to a reduced probability that the requestor is the authorized user, while an exact match leads to a higher probability that the requestor is in fact the authorized user.  The UPV then is set accordingly.  In an embodiment, a user spatiotemporal data does not comprise such inconsistent information, so that the UPV remains at 0.85 (85%).  The determined UPV and the application IDdentification of the AenR is transferred to the authentication module.  Upon reception, an Authentication Module (AenM) queries an Application Threshold DataBase (ATDB) to obtain an Application Threshold Value (ATV), correlated with security access point.  In this case, the ATV of security access point is 0.8 (or 80%).  The AenM determines, whether the UPVs is equal to or higher than the ATV.  Since this is the case, the AenM send Authentication Information (AenI) to the authenticator of the security access point.  Simultaneously, the AenM stores the time/date and the location of the successful authentication in the record of UBI of user “A”, i.e., in a prior UIDD entry in UI database.  In this case, the AenI comprises information, corresponding to an “authenticated” condition.  The AenI is cryptographically signed by the AenM.  Upon reception of the AenI by the authenticator, the cryptographic signature of the AenI is checked and if the signature is as expected, the authentication is completed by granting the requestor access to the building.  In case the entered password matches the stored copy, the requestor is authenticated.  Otherwise, the authentication and access is denied.  In both events, the authentication ends.  The probability base authentication increases the convenience of accessing an access-restricted resource, since at least in some instances, the tedious entry of a password can be omitted, namely when the request corresponds to the prior behavior of the authorized user.  However, many tasks during daily life follow a repetitive schedule.  In these instances and due to the functionality of an AenS, which corresponds to a “smart background check”, it is possible to authenticate the requestor without asking for UCs (e.g., password, PIN, etc.).  Furthermore, the security of the authentication is improved due to the fact that some UCs (e.g., passwords, PINs) can be stolen, but that in general it is more difficult to “steal” a user’s background or part behavior.  Certainly, in an embodiment, the authentication method may be used in addition to a PIN/password entry to further increase the security of the authentication.  It is noted that the automatic determination of the UPV by the AP EM depends on the UBI, stored in the UI database.  Certainly, without any UBI stored, such as upon initialization of a new user account, an entry of UCs during the authentication may generally be required by the authenticator.  On the other hand, when the UI database comprises a significant amount of UBI, a determination of “behavior patterns” of the authorized user and thus unexpected, suspicious, or unusual AenRs, both, regarding location and time is possible, leading to further improved calculation of the UPV.  The UI database comprises the record of UBI database may have additional or alternative prior probability datasets (e.g., prior user authentication data, prior user proximity data, prior user I/O pattern data, etc.).  In another embodiment, the UI database is, instead of being formed integrally with the AenS or smart phone, formed externally thereof and being connected with the AeS or smart phone.  The functionality of one or more of AP EM and AenM instead of being provided by executing software, being provided by dedicated circuitry formed integrally with a processor or externally thereof in AenS.  The functionality of a training module being provided by dedicated circuitry formed integrally with the respective input device.  The ATDB is formed externally thereof and begin connected to the AenS or smart phone.  Instead of or in addition to obtaining a password as further UCs, the authenticator is configured to query the user for a PIN, voiceprint, and/or a fingerprint.  The prior user authentication data additionally comprises location data associated with the location of prior successful authentications.  And/or, the prior user authentication data additionally comprises information (time and/or location) of un-successful authentication attempts.  

14.	Another prior art teach a Service Providing System (SPS) provides a service to a service usage device connected via a network.  The SPS is constituted by at least one information processing apparatus for implementing various functions of the SPS, the SPS including at least one log information storage unit configured to store log information relating to the service provided to the service usage device, in association with organization identification information of the service usage device.  When a user wants to perform a tenant registration, the user acquires a tenant ID and a Registration Code (RC) from the service provider of the SPS.  The tenant ID and the RC acquired by the user are managed in a sales management device.  The user operates an input device of a Terminal Device (TD) to access a portal site of the SPS.  The TD accesses the portal site of the SPS, based on the operation of the user.  Because an access is made to the portal site, an Access Control Unit (ACU) of the SPS authorizes access from the TD and causes the TD to access a portal service application.  The portal service application displays a top screen on a display device of the TD.  When a request to register a new tenant is made, the portal service application of the SPS displays, on the display device of the TD, an input screen for performing interim registration of the tenant ID.  The user operates the input device of the TD to input information for performing interim registration of the tenant ID, and subsequently requests interim registration.  When a request for interim registration is received from the TD of the user, the portal service application requests the license authentication unit to perform a process of confirming the validity of the tenant ID and the registration code including the information input for performing the interim registration of the tenant ID.  When the tenant ID and the registration code for which a process of conforming the validity is requested, are stored in the license information, the license authentication unit determines whether the registration state associated with the tenant ID and the registration code is “not registered.”  The license authentication unit that has received the request executes a license authentication process, and determines whether the tenant ID and registration code input in the definitive registration screen are stored in the licensed information stored in the Management Information Storage Unit (MISU).  A user authentication unit confirms whether a user information stored in the MISU includes the log-in information received from the TD.  When the user information stored in the MISU includes the log-in information received from the TD, the user authentication unit determine that the user authentication is successful.  When the log-in information received from the TD is not included, the user authentication unit determines that the user authentication is un-successful.  When the user authentication is successful, the ACU authorizes the log-in into the SPS from the TD.  The ACU sends, to the TD, a log-in response based on the result of user authentication by the user authentication unit.  When the device authentication and the user authentication are successful, the ACU authorizes the log-in to the SPS.  Note that when the device authentication is successful and the user authentication is un-successful by the in-hour cooperation authentication unit, the SPS may cause an apparatus to display an input screen for having the user input a user ID and a password for log-in.   In this case, the user is able to input a user ID and a password for log-in in the input screen, and request log-in again.  The apparatus sends, to the user device authentication unit of the SPS, the user ID and the password for log-in input for they user and the tenant ID stored in the storage are in itself, and makes a log-in request.  The user device authentication unit confirms whether the combination of the tenant ID and the user ID and the password for log-in received from the apparatus is included in the user information stored in the MISU.  When the combination of the tenant ID and the user ID and the password for log-in received from the apparatus is included in the user information stored in the MISU, the user device authentication unit determines that the user authentication is successful.  The ACU authorizes log-in to the SPS.  In an embodiment, user information requests log-in to an “online storage B” is received, an external cooperation authentication unit acquires account and an Authorization Token (AenT) as information required for the log-in process to the “online storage B.”  When the cooperating online storage does not have an authorized setting like the “online storage A”, and the cooperating online storage is an external service that performs a log-in process, the external cooperation authentication unit requests log-in to the “online storage A” by using an account and a password.  The account and the password are examples of authentication information with respect to an external service.  The “online storage A”, which has received the log-in request, executes authentication with respect to the received account and password.  When the authentication is successful, the “online storage A” sends a response indicating to authorize log-in to the external cooperation authentication unit.  When the authentication is un-successful, the “online storage A” sends a response indicating not to authorized log-in to the external cooperation authentication unit.  When the external cooperation authentication unit receives a response indicating to authorize log-in from the “online storage A”, the SPS is able to download data from the “online storage A”.  The SPS and the log information providing method are not limited to the specific embodiments described herein, and variations and modification may be made without departing from the spirit and scope of the present invention.

15.	Another prior art teach products for identifying potentially fraudulent receivers of Digital Content (DC).  A receiver authenticates to an Audit Service (AS) with data that should be unique to the receiver.  The AS detects when multiple receivers attempt to authenticate with the same data, suggesting that a receiver has been cloned or duplicated.  The AS also detects when a receiver authenticates improperly, suggesting an un-successful and un-authorized attempt to duplicate an authorized receiver.  Individual receivers may be networked together.  To help protect a receiver’s authentication data from tampering, at least a portion of the data may be digitally signed with a private key.  The AS may then verify the digital signature with a corresponding public key.  Varying the order in which data is signed or where the data is stored from one receiver or group of receivers to another may provide an additional level of security.  One problem that subscription-based broadcast systems often face is Theft of Service (ToS).  ToS occurs when someone is able to receive the benefits reserved for subscribers, without paying the associated cost.  Illicit connections to cable system and cloned receivers for satellite systems are examples of ToS.  ToS is becoming increasingly significant with the improved quality of digital broadcasts.  When DC may be obtained, these and other advantages make ToS an attractive prize.  Therefore, it is important to protect against ToS.  However, there is a practical economic limit to the resources that may be devoted to preventing ToS.  The present invention is useful in identifying potentially fraudulent receivers of DC.  At some point in time, receivers communicate with an AS.  During this communication, the receivers authenticate to the AS.  The AS is able to detect when a receiver authenticates improperly, indicating an un-successful attempt at duplicating an authorized receiver.  Individual receivers may be networked together (e.g., via video network).  Only one of the networked receivers need operate as a gateway for receiving broadcast DC from a content source.  Other local receivers may access DC from the gateway receiver, rather than the broadcast source.  The gateway receiver authenticates local receivers and stores corresponding representations of at least a portion of the authenticated data.  To help protect a receiver’s sensitive and other data from tampering, at least a portion of the data may be digitally signed with a private key.  This allows the AS to verify the digital signature with a public key.  A device BirthMark (BM) helps assure the integrity of a System Data Store (SDS) 228.  The device BM is a signed hash of the SDS 228 contents.  As its name implies, the device BM is unique to each receiver.  A hashing SDS 228 allows any changes to be detected.  Like a certificate, the SDS hash is signed with the service provider private key.  Periodically, the AS receives the BM of the gateway receiver and possibly the content of the SDS 228.  Receiving the same BM from multiple receivers indicates that a receiver has been cloned.  Invalid BMs indicate an SDS and receiver that are not authorized by the service provider.  By receiving the contents of SDS 228, the AS is able to determine the extent of invalid content within the SDS.  Duplicate and invalid BMs suggest ToS.  The BM may be received in conjunction with the gateway receiver authenticating to an AS and in conjunction with a local receiver authentication to the gateway receiver.  The contents of each SDS 228 may be created by the AS, delivered to a manufacturer on some type of storage media (separated by serial number), such as a CD, and added to each SDS 228 at the point of manufacture.  As an added level of security, the AS could require that any authorized manufacturer sign all or a portion of the SDS 228 contents.  In some embodiments, physically packaged data stores (e.g., SDS 228) are, in a manner, to inhibit reverse engineering or hacking.  Secure packaging may be necessary to assure only authorized distribution of content and services.  As a result, expensive packaging may reduce the service provider’s revenue or increase the cost of a service to consumers.  Authenticating to an AS may include an act or retrieving authentication data from a read only or write-once memory and an act of sending the authentication data to the AS.  The device BM and certificate are examples of authentication data.  The AS tracks authentication information.   This authentication information allows the AS to identify particular receivers.  In one embodiment, the AS tracks the serial number and public key for each receiver.  In another embodiment, the AS tracks the contents of each receiver’s SDS.  When the AS receives authentication data (e.g., certificate) from a gateway receiver, the AS determines whether the certificate was signed by the service provider’s private key.  At times, the AS receives a device BM as authentication data.  For example, after initial activation, a gateway receiver may periodically contact the AS (e.g., to communicate billing information).  The authentication data also may include a representation of authentication data for local receivers that have authenticated to a gateway receiver.  In an embodiment, the AS tracks the hash value used to create the BM for each receiver’s SDS.  Next, the AS compares the received authentication data with tracked authentication information.  Based on the received authentication data, the AS identifies potentially fraudulent receivers.  If the same BM is received from multiple receivers, the AS may determine that a receiver has been cloned.  An invalid BM suggests an un-successful and un-authorized attempt to create an SDS.  If a certificate or BM for a particular receiver is never received, the AS may determine that receivers are being used for un-authorized purposes.  Because the service provider may subsidize the purchase of a receiver, it may be important to identify receivers that fail to contact the AS.

16.	And, another prior art teach a Computer Storage Medium (CSM) includes identification information (e.g., name, ID number, picture, routine identification information, etc.).  Data stored on the CSM can include security data, encryption data, programs, network log-in executables, etc.  A secure computer network is accessed by inserting the CSM into a computer.  The computer can automatically run an executable resident on the CSM or it can be manually triggered by the user.  The executable prompts the user for a password.  The CSM contains a User IDentification (UID) that was encode when it was issued to the user.  The user inputs their password and the network authenticates the UID/password combination granting or denying access to the network.  The CSM can install a memory resident process that provides on-line encryption capability for data, and can be incorporated into a computer security system that includes a secure key distribution system.  Digital signature capability can also be implemented.  There are number badging systems in use by companies and organizations worldwide.  The purpose of such badging systems is to provide at least one level of security in that the bearer of a badge is who they purport to be based on the information contained on the badge.  One means of verification is physical inspection of the badge by a third party (e.g., a security guard).  A typical badge would therefore contain, at a minimum, the name and picture, or the individual.  Additional layers of security have been added to identification badges over time.  The most common form of computer security is the un-encrypted UID and Password combination.  This is where an individual access computer resources and data by inputting a UID and password combination unique to that individual and known to the “computer system.”  The computer system compares the input UID and password combination against its list of UIDs and passwords combinations and grants access to the “computer system” only when a valid combination has been entered.  Stronger authentication techniques have become necessary that combine the physical possession aspects of a badge with the user’s ability to enter and UID and a password from memory.  Thus, physical possession of the badge is not enough, as the password must also be known, and vise versa.  In embodiments, upon a computer booting up would automatically run an executable resident on the removable CSM.  Alternatively, the executable could be manually triggered by the user by accessing the drive containing the removable CSM.  The executable may also have been previously installed on the computer system.  The executable would prompt the user for a password.  The removable CSM already contains a UID that was encoded when it was issued to the user.  The user would input his or her password and the network would existing manual log-in processes or it can be enhanced to utilize encryption data that would be resident on the removable CSM.  In embodiments, the user is prompted for the UID and password combination, or alternatively just the password.  Once a validation decision has been made, deeming the password invalid denies access to the computer system.  However, if the password is deemed valid, then access is granted to the computer system.  There are several advantages realized by the present invention.  The invention can be used to enable many different data encryption and security features.  For instance, it can be used as part of a computer log-in authentication system that grants or denies access to certain computer or network resources.  Another use is data encryption to encrypt and/or de-crypt data.

17.	In summary, nowhere do Palestrant, Sarkar, Kondoh, Fox, Ahlbrand, Guo, Sugiyama, Zmener, Callaghan, Tajima, Riggs, and Makuck explicitly mention or disclose the unique combination of elements listed above.  The instant specification (features highlighted in bold above) provides explanation/clarification to some critical features (e.g., part of data).  The prior art, either singularly or in combination fails to anticipate or render obvious the present invention.

Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

18.	 Any inquiry concerning this communication or earlier communications from the examiner should be directed to O. Charlie Vostal whose telephone number is 571-270-3992.  The examiner can normally be reached on 8:30am to 5:00pm EST Monday thru Friday.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Thu Nguyen can be reached on 571-272-6967.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the Public PAIR system, see http://portal.uspto.gov/pair/PublicPair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


	/ONDREJ C VOSTAL/           Primary Examiner, Art Unit 2452                                                                                                                                                                                             
	April 15, 2021