DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Claims 1-20 have been examined.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 08/06/2019 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


Claims 1-3, 6-10, 13-17 and 20 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by US 20020004832 to Yoon et al (hereinafter Yoon).
As per claims 1, 8 and 15, Yoon teaches:
A method comprising: 
determining that a request to access a resource of a network was transmitted using an unsecured protocol (Yoon: [0066]: First, the target internet server 60 receives an HTTP request (request using an unsecure protocol), the connection request signal "R_C", from the local computer 30 in step 402. [0070] FIG. 8 illustrates the connection procedure in the target Internet server 60 in the case that the local computer requests services according to a protocol other than the HTTP. In the Internet services using a protocol such as FTP (request using an unsecure protocol), a session is continued for a certain time once the local computer 30 is connected to the server. [0031]: The target internet server 60 provides additional services related to the contents stored in the medium 10 in response to the request of the local computer 30);
determining that the request includes authentication credentials (Yoon: [0039]: the internet client 34 requests a connection using the temporary ID and password. Responsive to the connection request message, the target internet server 60 compares the temporary ID and password included in or following the connection request message with those from the connection authentification server 50);
determining, by a processing device, whether the authentication credentials are authentic (Yoon: [0039]: Responsive to the connection request message, the target internet server 60 compares the temporary ID and password included in or following the connection request message with those from the connection authentification server 50. If two kinds of data are identical respectively, the target internet server 60 transmits a connect admission message to the local computer 30 (step 108)); and 
in response to determining that the authentication credentials are authentic, disabling the authentication credentials without user input (Yoon: [0060] The authentification time "T" is used by the target internet server 60 to determine whether the local computer 30 receiving the temporary ID and password "P" accesses the target internet server 60 by a certain effective time limit. Thus, in the preferred embodiment, the temporary ID and password "P" is invalidated when the effective time limit lapses or a predetermined service session provided by the target internet server 60 is completed, i.e., after the temporary ID and password “P” are authenticated, they are invalidated without user input). 

As per claims 2, 9 and 16, Yoon teaches:
The method of claim 1, wherein determining whether the authentication credentials are authentic comprises determining whether the authentication credentials match second authentication credentials of an identity associated with the resource using a security domain associated with the resource (Yoon: [0066]: the target internet server 60 checks the validity of the temporary ID and password "P" by comparing the temporary ID and password "P" with those received from the connection authentification server 50 in step 414). 

As per claims 3, 10 and 17, Yoon teaches:
The method of claim 2, wherein the security domain is configured with access to a repository of identities associated with the resource, each of the identities in the repository including respective second authentication credentials (Yoon: [0061]: The connection authentification server 50 stores the temporary ID and password "P" in its database and transmits such data to the local computer 30 and the target internet server 60. Also, all the parameters used for generating the temporary ID and password are transmitted to the target internet server 60). 

As per claims 6, 13 and 20, Yoon teaches:
The method of claim 1, wherein the unsecured protocol is a hypertext transfer protocol (HTTP) (Yoon: [0066]: First, the target internet server 60 receives an HTTP request, the connection request signal "R_C", from the local computer 30 in step 402). 

As per claims 7 and 14, Yoon teaches:
The method of claim 1, wherein the authentication credentials comprise a user name and password (Yoon: [0039]: the internet client 34 requests a connection using the temporary ID and password). 

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
Claims 4, 11 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Yoon and US 9374349 to Corlett et al (hereinafter Corlett).
As per claims 4, 11 and 18, Yoon does not teach: further comprising transmitting one or more notifications to an owner of the authentication credentials, the one or more notifications indicating that the authentication credentials have been disabled. However, Corlett teaches:
further comprising transmitting one or more notifications to an owner of the authentication credentials, the one or more notifications indicating that the authentication credentials have been disabled (Corlett: column 6, lines 39-56: In such embodiments, upon expiration according to the timer, credential server 202 may automatically disable the temporary single-factor credential. Column 7, lines 15-19: Additionally, or alternatively, when the temporary single-factor credential is disabled, credential server 202 may send an expiration message to user 114, through email, SMS message, etc., indicating the temporary single-factor credential has been or will be disabled). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of Corlett in the invention of Yoon to include the above limitations. The motivation to do so would be to control access to a computer system (Corlett: column 1, lines 29-30).

Claims 5, 12 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Yoon in view of Corlett as applied to claims 4, 11 and 18 above, and further in view of US 20100077467 to Satagopan et al (hereinafter Satagopan).
As per claims 5, 12 and 19, Yoon in view of Corlett does not teach: wherein the one or more notifications include a request to reset the authentication credentials. However, Satagopan teaches:
wherein the one or more notifications include a request to reset the authentication credentials (Satagopan: [0034]: Either module 108 on system 101 or module 122 on server 120 may determine that the user's login credentials have expired and may notify user 105 that he or she is to modify/update the user credentials).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of Satagopan in the invention of Yoon in view of Corlett to include the above limitations. The motivation to do so would be to provide a client-side authentication service that allows seamless access to datacenter-provided information corresponding to various client-side applications and provide a server-side authentication service that allows seamless access to datacenter-provided information corresponding to various client-side applications (Satagopan: [0004]).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure: 
US 5604803 to Ashar Aziz: It will be appreciated that since the decrypted random number password provided by the client workstation to the destination server over the Internet is sent in the clear, an intruder can detect this password during the login process. However, since the server invalidates or removes the random number password after each successful login, or alternatively, after the time out of the interval (t), network security is not compromised. Even assuming an intruder intercepts the decrypted random number password over Internet, it is of no use to the intruder since it is only valid for a single login, and the login must occur during the predetermined time (t).

Any inquiry concerning this communication or earlier communications from the examiner should be directed to MADHURI R HERZOG whose telephone number is (571)270-3359.  The examiner can normally be reached on 8:30AM-5:00PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Taghi Arani can be reached on (571)272-3787.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


MADHURI R. HERZOG
Primary Examiner
Art Unit 2438



/MADHURI R HERZOG/Primary Examiner, Art Unit 2438