DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This Office Action is in response to application 16/524,493 filed on 7/29/2019.
Claims 1-20 have been examined and are pending in this application. 
The examiner notes the IDS filed on 7/29/2019 has been considered.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 8, 9 and 18 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.

Regarding Claim 8; Claim 8 recites the limitation "the biometric data" in lines 1 and 2.  There is insufficient antecedent basis for this limitation in the claim.

Regarding Claim 9; Claim 9 recites the limitation "the stored biometric data" in line 1.  There is insufficient antecedent basis for this limitation in the claim.

Regarding Claim 18; Claim 18 recites the limitation "the biometric data" in lines 1 and 2.  There is insufficient antecedent basis for this limitation in the claim.


Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


Claim(s) 1-4, 6-14 and 16-20 is/are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Mortimore, Jr. et al. (US 2016/0301679 A1).

Regarding Claim 1;
Mortimore, Jr. discloses a method comprising: 
receiving, by a computing device, first input comprising user identifying information ([0025] - In one embodiment, when attempting to access resource environment 140, a user is presented with login interface 180, which can be, for example, a login screen requesting a user name and/or password, or any other type of login interface and [0028]-[0030] – Login Interface... TOTP Login Interface);
([0025]-[0026] - In response to receiving some login information, a profile for the user and/or client device is determined. The profile can be based on, for example, the user's position within an organization (e.g., sales, IT, legal, support), whether or not the user has completed required activities (e.g., complete HR profile, training certificates, agreed to terms of service), additional verification/validation can be performed (e.g., third-party validation, two-factor authentication, TOTP) and/or other types of information. In one embodiment, before the log in process is completed, the user is routed through profile flow(s) 182 and any corresponding action(s) 184 can be taken and [0028]-[0030] – Login Interface... TOTP Login Interface)); The examiner notes receiving some login information in which a profile is determined is identifying with a first degree of accuracy based on first input, and as login flows are needed before the login process is completed that represents wherein the first degree of accuracy is insufficient to authenticate the first user.
configuring a client device based on the identified first user ([0025] - In response to receiving some login information, a profile for the user and/or client device is determined. The profile can be based on, for example, the user's position within an organization (e.g., sales, IT, legal, support) and [0026] - In one embodiment, before the log in process is completed, the user is routed through profile flow(s) 182 and any corresponding action(s) 184 can be taken and [0037] - The users of user systems 312 may differ in their respective capacities, and the capacity of a particular user system 312 might be entirely determined by permissions (permission levels) for the current user. For example, where a salesperson is using a particular user system 312 to interact with system 316, that user system has the capacities allotted to that salesperson. However, while an administrator is using that user system to interact with system 316, that user system has the capacities allotted to that administrator... Thus, different users will have different capabilities with regard to accessing and modifying application and database information, depending on a user's security or permission level and [0044] – configured to provide ... user (client) systems 312 to support the access by user systems 312) The examiner notes allotting are forms of configuration as users of user systems 312 may differ in their respective capacities, and the capacity of a particular user system 312 might be entirely determined by permissions (permission levels) for the current user. For example, where a salesperson is using a particular user system 312 to interact with system 316, that user system has the capacities allotted to that salesperson. However, while an administrator is using that user system to interact with system 316, that user system has the capacities allotted to that administrator and such allotting is based on profile determination during the login flow, see [0025] - In response to receiving some login information, a profile for the user and/or client device is determined. The profile can be based on, for example, the user's position within an organization (e.g., sales, IT, legal, support).
receiving second input comprising user authentication information ([0028]-[0030] – Login Interface... TOTP Login Interface and [0031]-[0032] - After TOTP registration 220 or getting TOTP token 240, the user is routed to TOTP validation 250. If the validation is successful, the user is returned to login flow 270. If the validation is not successful, the user can be returned to TOTP login 210, or the login process can be terminated. Multiple profile types can be supported concurrently. For example, some users may be required to use TOTP validation 290, while other users may be required to use a fingerprint scanner (not illustrated in FIG. 2). The custom login flows described herein can also be extended beyond validation procedures. For example, personal information may be periodically gathered and/or updated. These other customized login flows may be performed independently of the validation flows);
authenticating a second user based on the second input ([0026] - When the login and profile flows have been completed, the user can be granted access to the resource(s) of resource environment 14 and [0031] - After TOTP registration 220 or getting TOTP token 240, the user is routed to TOTP validation 250. If the validation is successful, the user is returned to login flow 270. If the validation is not successful, the user can be returned to TOTP login 210, or the login process can be terminated); and 
authorizing, based on successful authentication of the second user, access to a mobile workspace associated with the authenticated second user and executing on the configured client device ([0025] and [0026] - When the login and profile flows have been completed, the user can be granted access to the resource(s) of resource environment 14 and [0031] - After TOTP registration 220 or getting TOTP token 240, the user is routed to TOTP validation 250. If the validation is successful, the user is returned to login flow 270. If the validation is not successful, the user can be returned to TOTP login 210, or the login process can be terminated and [0037] – allotted and [0044] – configured).

Regarding Claim 2;
Mortimore, Jr. discloses the method to Claim 1.
Mortimore, Jr. further discloses wherein the authorizing of the access to the mobile workspace associated with the second user is based on a determination that the identified first user is the same as the authenticated second user ([0025]-[0026] - In response to receiving some login information, a profile for the user and/or client device is determined. The profile can be based on, for example, the user's position within an organization (e.g., sales, IT, legal, support), whether or not the user has completed required activities (e.g., complete HR profile, training certificates, agreed to terms of service), additional verification/validation can be performed (e.g., third-party validation, two-factor authentication, TOTP) and/or other types of information. In one embodiment, before the log in process is completed, the user is routed through profile flow(s) 182 and any corresponding action(s) 184 can be taken and [0031] - After TOTP registration 220 or getting TOTP token 240, the user is routed to TOTP validation 250. If the validation is successful, the user is returned to login flow 270. If the validation is not successful, the user can be returned to TOTP login 210, or the login process can be terminated);

Regarding Claim 3;
Mortimore, Jr. discloses the method to Claim 1.
Mortimore, Jr. further discloses wherein configuring the client device comprises identifying an authentication portal, and wherein receiving the second input comprises receiving the second input via the identified authentication portal ([0025] - In one embodiment, when attempting to access resource environment 140, a user is presented with login interface 180, which can be, for example, a login screen requesting a user name and/or password, or any other type of login interface and [0026] - In one embodiment, before the log in process is completed, the user is routed through profile flow(s) 182 and any corresponding action(s) 184 can be taken. For example, requested information can be stored in a database or forwarded to appropriate parties, licenses can be acquired/registered, etc. When the login and profile flows have been completed, the user can be granted access to the resource(s) of resource environment 140 and [0028]-[0030] – Login Interface... TOTP Login Interface);

Regarding Claim 4;
Mortimore, Jr. discloses the method to Claim 3.
Mortimore, Jr. further discloses wherein a first authentication portal is identified based on a first user, and a second authentication portal is identified based on a second user ([0019] and [0025]-[0026] - In one embodiment, when attempting to access resource environment 140, a user is presented with login interface 180, which can be, for example, a login screen requesting a user name and/or password, or any other type of login interface... The profile can be based on, for example, the user's position within an organization (e.g., sales, IT, legal, support), whether or not the user has completed required activities (e.g., complete HR profile, training certificates, agreed to terms of service), additional verification/validation can be performed (e.g., third-party validation, two-factor authentication, TOTP) and/or other types of information. In one embodiment, before the log in process is completed, the user is routed through profile flow(s) 182 and any corresponding action(s) 184 can be taken. - and [0027] - FIG. 2 is a flow diagram of one embodiment of a time-based one-time password (TOTP) authentication flow that can be used to provide customized user validations and [0037]).  The examiner notes different types of customized user validation flows, thus interfaces may be provided. 




Regarding Claim 6;
Mortimore, Jr. discloses the method to Claim 1.
Mortimore, Jr. further discloses wherein the user identifying information comprises biometric data ([0028]-[0030] – Login Interface... fingerprint and  TOTP Login Interface);

Regarding Claim 7;
Mortimore, Jr. discloses the method to Claim 6.
Mortimore, Jr. further discloses wherein the biometric data comprises at least one of a voice sample, a retinal scan, a fingerprint, or feature recognition data ([0028]-[0030] – Login Interface... fingerprint).

Regarding Claim 8;
Mortimore, Jr. discloses the method to Claim 1.
Mortimore, Jr. further discloses wherein identifying the first user comprises matching the biometric data of the first input with stored biometric data corresponding to the first user ([0028]-[0030] – Login Interface... fingerprint... the profile can be determined based on... etc.).  The examiner notes fingerprint.

Regarding Claim 9;
Mortimore, Jr. discloses the method to Claim 1.
Mortimore, Jr. further discloses wherein the stored biometric data corresponding to the first user was previously provided by the first user ([0025] - In one embodiment, when attempting to access resource environment 140, a user is presented with login interface 180, which can be, for example, a login screen requesting a user name and/or password, or any other type of login interface. In response to receiving some login information, a profile for the user and/or client device is determined and [0026] - the requested information can be stored in a database and [0028]-[0030] – Login Interface... fingerprint... the profile can be determined based on... etc.).

Regarding Claim 10;
Mortimore, Jr. discloses the method to Claim 1.
Mortimore, Jr. further discloses wherein the identifying of the first user based on the first input comprises identifying an entity that is associated with the first user, and wherein the configuring of the client device is based on the identified entity ([0025] - In one embodiment, when attempting to access resource environment 140, a user is presented with login interface 180, which can be, for example, a login screen requesting a user name and/or password, or any other type of login interface. In response to receiving some login information, a profile for the user and/or client device is determined. The profile can be based on, for example, the user's position within an organization (e.g., sales, IT, legal, support), whether or not the user has completed required activities (e.g., complete HR profile, training certificates, agreed to terms of service), additional verification/validation can be performed (e.g., third-party validation, two-factor authentication, TOTP) and/or other types of information and [0037] - The users of user systems 312 may differ in their respective capacities, and the capacity of a particular user system 312 might be entirely determined by permissions (permission levels) for the current user. For example, where a salesperson is using a particular user system 312 to interact with system 316, that user system has the capacities allotted to that salesperson. However, while an administrator is using that user system to interact with system 316, that user system has the capacities allotted to that administrator).


Regarding Claim(s) 11-14 and 16-20; claim(s) 11-14 and 16-19 is/are directed to a/an system associated with the method claimed in claim(s) 1-4, 6-8, and 10.  Claim(s) 11-14 and 16-19 is/are similar in scope to claim(s) 1-4, 6-8, and 10, and is/are therefore rejected under similar rationale.

Regarding Claim(s) 20; claim(s) 20 is/are directed to a/an medium associated with the method claimed in claim(s) 1.  Claim(s) 20 is/are similar in scope to claim(s) 1, and is/are therefore rejected under similar rationale.











Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
Claims 5 and 15 is/are rejected under 35 U.S.C. 103 as being unpatentable over Mortimore, Jr. et al. (US 2016/0301679 A1) in view of Kelly et al. (US 2017/0289128 A1).

Regarding Claim 5;
Mortimore, Jr. discloses the method to Claim 1.
(Mortimore, [0011]);
Mortimore, Jr. fails to explicitly disclose and not prepopulating any authentication data at the identified authentication portal.
However, in an analogous art, Kelly teaches an authentication portal in which wherein configuring the mobile workspace comprises prepopulating a user identification at the identified authentication portal, and not prepopulating any authentication data at the identified authentication portal (Kelly, [0061]-[0062] - The enterprise management component 153 can then populate the field for the email address with the enterprise email address associated with the user of the client device 106. In other examples, the user can manually input the enterprise email address into the field for the email address. The enterprise management component 153 can then prompt the user to input the password for the user account 163 into the password field of the user interface. In alternative examples, the enterprise management component 153 can automatically populate the password field with the password for the user account 163)).
Since each individual element and its function are shown in the prior art, albeit shown in separate references, the difference between the claimed subject matter and the prior art rests not on any individual element or function but in the very combination itself that is in the substitution of requiring input of the password (i.e., not prepopulating any authentication data at the identified authentication portal) of the secondary reference(s) for prepopulated any authentication data of the primary reference. Thus, the simple substitution of one known element for another producing a predictable result renders the claim obvious.

Regarding Claim(s) 15; claim(s) 15 is/are directed to a/an system associated with the method claimed in claim(s) 5.  Claim(s) 15 is/are similar in scope to claim(s) 5, and is/are therefore rejected under similar rationale.


Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. See PTO-892 attached.	
Any inquiry concerning this communication or earlier communications from the examiner should be directed to KARI L SCHMIDT whose telephone number is (571)270-1385.  The examiner can normally be reached on Monday-Friday 10am - 6pm (MDT).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached on (571)270-5002.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to 






/KARI L SCHMIDT/Primary Examiner, Art Unit 2439