Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

	This action is in response to the original claims filed 49/04/2019.  Claims 1-27 are pending.  Claims 1 (a transitory CRM), 11 (a method), 20 (a software machine), and 24 (a means for) are independent.

Claim Objections
Claims 5 and 15 objected to under 37 CFR 1.75(c) as being in improper form because a multiple dependent claim must be in the alternative only.  See MPEP § 608.01(n).  

	Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 1-10 and 20-23 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter.  The claim(s) does/do not fall within at least one of the four categories of patent eligible subject matter because claims 1 and 20 are interpreted as software per se and are non-statutory for § 101 purposes.  In more detail, claims 1 and 20 comprise a plurality of software steps and “a processor” and “tangible media”.  A processor is interpreted to include the 

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 24-27 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
Claim limitation “means for receiving”, “means for interrogating”, “means for using the authentication-method information”, and “means for enabling communications” invoke 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. However, the written description fails to disclose the corresponding structure, material, or acts for performing the entire claimed function and to clearly link the structure, material, or acts Claims interpreted under 112(f) “means for” are interpreted to comprise, at least in part, physical elements.  However, the written description does not detail physical elements as the “means for”.  Rather, the specification in describing Figure 4, appears to describe these means as software means.  It is unclear what structure or material in the specification is used to perform the respective “means for” in claim 24.
 Therefore, the claim is indefinite and is rejected under 35 U.S.C. 112(b) or pre-AIA  35 U.S.C. 112, second paragraph.
Applicant may:
(a)        Amend the claim so that the claim limitation will no longer be interpreted as a limitation under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph; 
(b)        Amend the written description of the specification such that it expressly recites what structure, material, or acts perform the entire claimed function, without introducing any new matter (35 U.S.C. 132(a)); or 
(c)        Amend the written description of the specification such that it clearly links the structure, material, or acts disclosed therein to the function recited in the claim, without introducing any new matter (35 U.S.C. 132(a)).
If applicant is of the opinion that the written description of the specification already implicitly or inherently discloses the corresponding structure, material, or acts and clearly links them to the function so that one of ordinary skill in the art would recognize what structure, material, or acts perform the claimed function, applicant should clarify the record by either: 

(b)        Stating on the record what the corresponding structure, material, or acts, which are implicitly or inherently set forth in the written description of the specification, perform the claimed function. For more information, see 37 CFR 1.75(d) and MPEP §§ 608.01(o) and 2181.

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claim(s) 1, 11, 20, and 24 is/are rejected under 35 U.S.C. 102(a)(2) as being anticipated by Shah et al., US 2017/0374070 (filed 2016-01).
	As to claims 1, 11, 20, and 24 Shah discloses a CRM/method/machine/machine comprising:
A tangible processor-readable medium including instructions executable by one or more processors, and when executed operable for: (Shah ¶ 166)
receiving a signal from a client-side program (“a browser 107 or applications 107 (which can collectively be referred to as browser/apps 107) of the user device 112 and 
interrogating the server-side software (“Using the S.sub.R interface 120, OpenID Functions (e.g., Discovery, Association, Assertion) may be invoked, an assurance level that is required by the RP 108 may be communicated from the RP 108 to the MFAS 102, and policies may be negotiated between the RP 108 and the MFAS 102.” Shah ¶ 48) for authentication-method information; (“At 210, the MFAS 102 may obtain policies specified by the SP 108, from a service provider database 114 b for maintaining policy information related to a plurality of service providers. At 212, based on the obtained policies and user profile information, the MFAS 102 may provide an authentication factor or a list of authentication factors that can be executed to satisfy the required AL.” Shah ¶ 44)
using the authentication-method information to authenticate (“218, where the MFAS 102 selects the authentication factors that should be executed. In doing so, the MFAS 102 may obtain authentication capabilities from a device or user equipment (UE) database 114 c” Shah ¶ 44) the client-side program (Shah ¶ 49) for interaction with the server-side software; (Shah ¶ 44, the SP) and 
enabling communications between the client-side program and the server-side software using an authentication method specified by the authentication-method information. (“At 228, in accordance with the illustrated example, the assurance level that is achieved by the authentications is sent to the SP 108 in an assertion.” Shah ¶ 46)


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 2-5 and 12-15 is/are rejected under 35 U.S.C. 103 as being unpatentable over Shah et al., US 2017/0374070 (filed 2016-01), in view of Pinto et al., US 2014/0281909 (filed 2014-01).
As to claims 2, 12, Shah discloses the CRM/method of claims 1, 11 but does not disclose: wherein the server-side software includes a REpresentational State Transfer (REST) web service.

Pinto discloses:
wherein the server-side software includes a REpresentational State Transfer (REST) web service. (“The REST connector communicates with the REST server computer 36, which manages and stores the user preferences and other configuration information in a database 164.” Pinto ¶ 129.  “REST connectors enable web services data to be exposed in a collaboration. In response to receiving the above-noted information from the proxy connector participant, REST connectors generate and transmit HTTP Get requests to a REST server computer for data accessed via the REST server computer.” Pinto ¶ 209)

A person of ordinary skill in the art before the effective filing date of the claimed invention would have combined Shah with Pinto by including REST services and connectors (as described in Pinto) in the service provider of Shah.  It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to combine Shah with Pinto in order to store user preference information and to enable collaboration among plural users (Pinto ¶¶ 129 and 209), thereby providing desired services to users of the system. 


As to claims 3, 13, Shah in view of Pinto discloses the CRM/method of claims 2, 12 but does not disclose: 
wherein the client-side program includes a spreadsheet program.

Pinto further discloses:
wherein the client-side program includes a spreadsheet program.
(“FIG. 26E shows a fourth software system 1036 d that includes MICROSOFT Excel 1020. An add-in is installed in MICROSOFT EXCEL. The add-in extends the functionality of Excel by defining a set of custom functions that permit share definitions and consume requests to be defined in cells of a spreadsheet. In addition, the custom functions enable a user to provide login credentials entered in the spreadsheet to the stateful data sharing service when the spreadsheet is opened.” Pinto ¶ 324)



As to claims 4, 14, Shah in view of Pinto discloses the CRM of claims 3, 13 and further discloses: 
wherein the client-side program includes Microsoft Excel®. (“FIG. 26E shows a fourth software system 1036 d that includes MICROSOFT Excel 1020. An add-in is installed in MICROSOFT EXCEL. The add-in extends the functionality of Excel by defining a set of custom functions that permit share definitions and consume requests to be defined in cells of a spreadsheet. In addition, the custom functions enable a user to provide login credentials entered in the spreadsheet to the stateful data sharing service when the spreadsheet is opened.” Pinto ¶ 324)

As to claims 5, 15, Shah in view of Pinto discloses the CRM/method of claims 2, 11 but does not disclose: 
wherein steps of claim 1 are implemented using an add-in to the client-side program.


wherein steps of claim 1 are implemented using an add-in to the client-side program.
(“FIG. 26E shows a fourth software system 1036 d that includes MICROSOFT Excel 1020. An add-in is installed in MICROSOFT EXCEL. The add-in extends the functionality of Excel by defining a set of custom functions that permit share definitions and consume requests to be defined in cells of a spreadsheet. In addition, the custom functions enable a user to provide login credentials entered in the spreadsheet to the stateful data sharing service when the spreadsheet is opened.” Pinto ¶ 324)

A person of ordinary skill in the art before the effective filing date of the claimed invention would have further combined Shah in view of Pinto with Pinto by including the Microsoft EXCEL application as the collaboration application.  It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to further combine Shah in view of Pinto with Pinto in order to store user preference information and to enable collaboration among plural users (Pinto ¶¶ 324 and 209), thereby providing desired services to users of the system.


Claims 6, 8-10, 16, 18-19, 21-23, and 25-27 is/are rejected under 35 U.S.C. 103 as being unpatentable over Shah et al., US 2017/0374070 (filed 2016-01), in view of Pinto et al., US 2014/0281909 (filed 2014-01), and Shah et al., US 2016/0087957 (filed 2014-04), hereafter referred to as Shah2.
As to claims 6, 16 Shah in view of Pinto discloses the CRM/method of claims 5, 15 but does not disclose: 
Wherein the authentication method includes use of a JSON Web Token (JWT).

Shah2 discloses:
Wherein the authentication method includes use of a JSON Web Token (JWT).
(“the OP entity is part of the MFAS system, also referred to as the OP Service function (OPSF)…. After the successful execution of a multi-factor authentication policy, the MFAS may hand control to the OPSF entity, which then uses the aforementioned shared key to sign an OpenID assertion. The assertion may have different formats, such as a string of characters or a JSON Web token for example, according to standard specifications.” Shah2 ¶ 126)

A person of ordinary skill in the art before the effective filing date of the claimed invention would have combined Shah in view of Pinto with Shah2 by utilizing a JSON Web token to deliver assertions of entitlement following authentication.  It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to combine Shah in view of Pinto with Shah2 in order to deliver the results of the authentication to the client using a known data standard, thereby easing interfacing between the components and allowing the re-use of proven software function which ease integration, maintenance, and programming burden. 

As to claims 8, 18, 21, 25, Shah in view of Pinto discloses the CRM/method/machine of claims 3, 13, 21, 24 but does not disclose: 
further including instructions executable by the one or more processors and when executed operable for selecting a User Interface (UI) display screen in accordance with the authentication method. 

Shah2 discloses:
further including instructions executable by the one or more processors and when executed operable for selecting a User Interface (UI) display screen in accordance with the authentication method. 
(different UIs for different user authentication factors: “At 2934, the MFAS 2916 may trigger the password authentication by sending an HTTP message to the user 2902 that prompts the user to enter a password.” Shah2 ¶ 243. “At 2964, the MFAS 2916 triggers the biometric authentication by sending an HTTPS message to the browser 2910. At 2966, the browser 2910 invokes the local bio-key client 2904 such that the client 2904 prompts the user 2902 to have her fingerprint scanned.” Shah2 ¶ 245)

A person of ordinary skill in the art before the effective filing date of the claimed invention would have combined Shah in view of Pinto with Shah2 by providing authentication user interface prompts to obtain user authentication factors that are needed.  It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to provide authentication prompts in order to 

As to claims 9, 22, 26 Shah in view of Pinto and Shah2 discloses the CRM/machine/machine of claims 8, 21, 25 and further discloses: 
further including instructions executable by the one or more processors and when executed operable for using the UI display screen to collect one or more credentials from a user. (different UIs for different user authentication factors: “At 2934, the MFAS 2916 may trigger the password authentication by sending an HTTP message to the user 2902 that prompts the user to enter a password.” Shah2 ¶ 243. “At 2964, the MFAS 2916 triggers the biometric authentication by sending an HTTPS message to the browser 2910. At 2966, the browser 2910 invokes the local bio-key client 2904 such that the client 2904 prompts the user 2902 to have her fingerprint scanned.” Shah2 ¶ 245)

As to claims 10, 23, 27 Shah in view of Pinto and Shah2 discloses the CRM/machine/machine of claims 9, 22, 26 and further discloses: 
further including instructions executable by the one or more processors and when executed operable for employing the credentials to facilitate authenticating the user (authenticating a user: “224, where the local and/or network-based authentications are performed.” Shah ¶ 45. “MFAP 106 may perform a user password authentication without a separate user authentication application.” Shah ¶ 49) and client-side program (Applicant’s specification ¶ 62 as filed: “Note that upon verification of valid authentication credentials 144, the user has successfully authenticated. However, the 

As to claim 19, Shah in view of Pinto and Shah2 discloses the method of claim 18 and further discloses: 
using the UI display screen to collect one or more credentials from a user; (different UIs for different user authentication factors: “At 2934, the MFAS 2916 may trigger the password authentication by sending an HTTP message to the user 2902 that prompts the user to enter a password.” Shah2 ¶ 243. “At 2964, the MFAS 2916 triggers the biometric authentication by sending an HTTPS message to the browser 2910. At 2966, the browser 2910 invokes the local bio-key client 2904 such that the client 2904 prompts the user 2902 to have her fingerprint scanned.” Shah2 ¶ 245) and employing the credentials to facilitate authenticating the user (authenticating a user: “224, where the local and/or network-based authentications are performed.” Shah ¶ 45. “MFAP 106 may perform a user password authentication without a separate user authentication application.” Shah ¶ 49) and client-side program (Applicant’s specification ¶ 62 as filed: “Note that upon verification of valid authentication credentials 144, the user has successfully authenticated. However, the client-side program 16 of Fig. 1 is also said to be authenticated for access to and use of the web service(s) or API(s) 26 of Fig. 1”) for   


Claims 7 and 17 is/are rejected under 35 U.S.C. 103 as being unpatentable over Shah et al., US 2017/0374070 (filed 2016-01), in view of Pinto et al., US 2014/0281909 (filed 2014-01), and Platt et al., US 2009/0249440 (filed 2009-03).
As to claims 7, 17, Shah in view of Pinto discloses the CRM/method of claims 5, 15 but does not disclose: 
Wherein the authentication method includes basic access authentication (BASIC). 

Platt discloses:
Wherein the authentication method includes basic access authentication (BASIC). 
(“In the context of HTTP basic, authentication may be carried out by setting an authorization header in the Http requests sent to the server. The header may include the username and password in a base 64 encoded format. In many implementations, the same information is sent via the header each time, so it isn't necessary to reset this header at any point. More details can be found at http://en.wikipedia.org/wiki /Basic_access_authentication HTTP Basic” Platt ¶ 138)

A person of ordinary skill in the art before the effective filing date of the claimed invention would have combined Shah in view of Pinto with Platt by utilizing an HTTP Basic authentication mechanism to authenticate the user.  It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to combine Shah in view of Pinto with Platt in order to utilize a known password authentication mechanism, thereby easing interfacing between the components and allowing the re-use of proven software function which ease integration, maintenance, and programming burden. 


Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
Potter et al., US 2006/0026671, discloses a server supplied authentication type list which the client selects compatible types from. 
Patel et al., US 2014/0136936, discloses a spreadsheet application that obtains data cells from a server using REST.
Prish, US 2012/0011195, discloses a spreadsheet webservice implmented using REST. 
Rossi et al., US 20070033643, discloses a server proposed and client selected authentication method.


Borakar et al., US 20190222576, discloses determining authentication capabilities of a device by a server and then presenting a user with authentication options for selection.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to MICHAEL W CHAO whose telephone number is (571)272-5165.  The examiner can normally be reached on M, W-F 8-5.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Saleh Najjar can be reached on (571) 272-4006.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 






/MICHAEL W CHAO/           Examiner, Art Unit 2492