DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
Claims 1 and 4 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Kamal et al., USPN 2016/0005038, in view of Hoyos et al., USPN 2014/0337930.
With regard to claim 1, Kamal discloses an integrated cybersecurity method for providing client access to a website (such as Mastershop, 0027), including receiving website configuration information for the client access (“determining authentication rule based on a policy associated with the entity” in claim 1, 0016, 0038, 0040, claim 4), 5receiving client enrollment data for the client access (“stored user authentication data” in claim 1, 0031, 0036), receiving client input data from a client (“authentication response data” in claim 1, 0031), defining integrated client confirmation, including authenticating the client input data by comparing the client input data with the client enrollment data (“the authentication response data matches” in claim 1, 0031), 10authorizing the authenticated client by determining client authorization information associated with the client enrollment data based on the website configuration information (claim 1, 0016, 0038, 0040), and identifying the authenticated client by determining client identification information associated with the client enrollment data (0017, 0029, 0036), and 15providing the website with the client identification information based on the integrated client confirmation (information box on website indicates transaction approved 0029), wherein the website is isolated from the client enrollment data, the client input data, and the defining of the integrated client confirmation (0027). Kamal discloses that a higher authentication level might be required for a higher level of access (0016-0017), but does not disclose authorizing by determining client authorization information associated with the client enrollment data based on the website configuration information for the client access to the website. Hoyos discloses a method of authenticating an enrolled user to 
With regard to claim 4, Kamal in view of Hoyos discloses the method of claim 1, as outlined above, and Kamal further discloses authenticating using FIDO protocols (0011, 0021). The motivation to combine remains the same as outlined above.
Claims 2 and 3 are rejected under 35 U.S.C. 103 as being unpatentable over Kamal in view of Hoyos in further view of Kamal et al., USPN 2015/0294313.
With regard to claim 2, Kamal (038) in view of Hoyos discloses the method of claim 1, as outlined above, and further discloses based on the client enrollment data, looking up the client in a database (biometric database 0031, 0038, 0041), but Kamal (038) does not go into much detail on the initial enrollment process. Kamal (313) discloses a similar biometric authentication method (0014, 0015, 0023), and further discloses enrolling an unregistered user in the biometric database (0025, 0029), informing the user of success or failure (claims 2 and 3, 0043, Fig. 4B 466), and logging the enrollment (record, 0035, claim 25). It would have been obvious for one of ordinary skill in the art, prior to the instant effective filing date, to use the enrollment of Kamal (313) in the authentication method of Kamal (038) in view of Hoyos for the motivation of creating the database disclosed by Kamal (038).

Response to Arguments
Applicant's arguments filed 29 June 2021 have been fully considered but they are not fully persuasive.
With regard to the amendments, the examiner found the arguments persuasive and amended the rejection in light of the amended claims.
With regard to applicant’s argument that Kamal teaches that client access information is present on the server prior to the authentication step, the examiner points out that the client input data in the claims is also received prior to authentication. Further, the examiner points out that the claims do not indicate where the website configuration information or the enrollment data is received from, and thus it could be received from local memory or storage.
Cited References
Queralt et al., USPN 2018/0097640, is cited as a relevant reference that teaches user access level (0002) as well as Fast Identity Online authentication (0016, claim 3), but was not seen as reading on the claims. 
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JACOB LIPMAN whose telephone number is (571)272-3837.  The examiner can normally be reached on 5:30AM-6:00PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kambiz Zand can be reached on 571-272-3811.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/JACOB LIPMAN/Primary Examiner, Art Unit 2434