DETAILED ACTION
This Non Final Office Action is in response to Application filed on 08/14/2020.
Claims 1-20 filed on 08/14/2020 are being considered on the merits.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Drawings
The drawings filed on 08/14/2020 are accepted.












Claim Objections
Claims 7, 17 and 20 objected to because of the following informalities:  
Claims 7 and 17 recite “whether credentials for the user and the resource are present in the database.” There is insufficient antecedent bases for “the database”. Examiner recommends replacing “the database” with “a database”, referring to the database 160 recited in [0043, 0070] of the instant application.
Regarding claim 20, it is not clear from the recitation of claim 20 whether claim 20 is intended to be an independent claim or a dependent claim. Examiner recommends replacing “perform the method of claim 1” with the recitation of all the limitation of claim 1, if intended for claim 20 to be an independent claim. For examination purpose, claim 20 is examined as an independent claim.
Appropriate correction is required.



Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 1-2, 5-7, 9-12, 15-17 and 19-20 are rejected under 35 U.S.C. 103 as being unpatentable over Banerjee (US 20160212132 A1), hereinafter Banerjee in view of Sade et. al. (US 20160006712 A1), hereinafter Sade, Yang et. al. (US 20180176771 .

	Regarding claim 1, Banerjee teaches a computer-implemented method for provisioning credentials (Banerjee discloses in the abstract technique of accessing resources by provisioning credentials indirectly), the method comprising: 
automatically detecting an attempt by a user to access an external network resource (Banerjee discloses when the end user enters  a URL, e.g. www.facebook.com, the browser extension executing on the web browser detects that the user is attempting to access the URL, [0081]  “Initially, at step 1, the end user attempts to access the resource. For example, the end user may open a web browser and enter the URL www.Facebook.com to access the user's Facebook.TM. account. At step 2, the browser extension executing on the web browser detects that Facebook.TM. is a privileged resource.”); 
determining whether the resource requires credentials for access (Banerjee [0081] “The browser extension can detect that the resource is a privileged resource by, for example, looking up a hash value stored inside the browser locally. At step 3, the browser extension responsively generates and sends a protected resource access request to the credential management and secure information (ZPL) platform 540.”, where privileged resource requires credentials and user identity  verifications performed by ZPL application running in user mobile device 512 in Figure 5, as disclosed in [0084], [0085] “At step 10, the credential management and secure information (ZPL) platform 540 provides the credentials to the access system 510 and, more particularly, the browser extension operating with a web browser on the access system 510.”); 
determining whether credentials have been previously generated for the user and the resource (Banerjee discloses in order for accessing privileged/protected resource, determine the stored credentials associated with the accessing user, [0084] “the credential management and secure information (ZPL) platform 540 accesses the credentials from the data store 541…the credentials might need to be decrypted at the credential management and secure information (ZPL) platform 540 and/or the access system 510.”, where the credentials of the accessing user is associated with secure information the accessing user is provisioned to use and further associated with which resources to be accessed as disclosed in [0052], where the user credentials stored during the registration process as disclosed in [0021]); 
Banerjee discloses thee above limitations, and further discloses encrypted credentials. Banerjee however does not disclose the below limitations.
Sade discloses when the resource requires credentials for access and credentials have not previously been generated (Sade disclose [0030] “…determining, in response to the request, the existence or absence of provisioned credentials for the user client for the target service, and [0031] “i) when the provisioned credentials are absent”, [0182] “…determining if the provisioned credentials are already present. If not, new provisioned credentials are created in response to the request”, where the target service correspond to external/remote/cloud resources over communication network as disclosed in [0143], [0209] “Provisioning system 500 uses provisioned credentials to enable the user client access to the target service, by retrieving existing provisioned credentials or creating new provisioned credentials.”): 
generating credentials based at least in part on an [entropy target] and an identity of the user (Sade discloses [0031] “i) when the provisioned credentials are absent, creating new provisioned credentials for the user client”, [0056] “the credential generation module performs…registering the provisioned credentials with a user directory accessed by the target service to validate the provisioned credentials”, [0112] “…before the provisioned credentials are created it is first determined whether the user client is authorized to establish a session with the requested target service. Provisioned credentials are created only for authorized user clients.”, [0113] “provisioned credentials are created as follows: [0114] 1) Credentials including the required fields are generated (e.g. by creating strings, binary data and/or other credential data). The generated credentials may include an account name and a password”,
 [0135] “…provisioning system 500 has access to a user directory which holds user accounts. The user account stores the respective authentication and/or provisioned credentials and may also define which resources the respective user is entitled to use, so that provisioning system 500 may issue provisioned credentials only to entitled users. A user account may be created for any type of user, including human users and/or applications and/or groups of users.”, [0176] “…the provisioned credentials are based on the user entitlements which are optionally determined from the authentication credentials”); 
storing the [encrypted] credentials in a memory (Sade [0114] “…the credential data is stored in a repository (e.g. local storage on the intermediate element, PAMS, target service or other locations).”, [0184] “Storing provisioned credentials for the respective user in a user directory connected to the communication network”, [0221] “…the privileged credentials are stored in a memory within or accessible to provisioning system 500.”, [0228] “…the user directory is accessible by the target service and validates provisioned credentials to the target service.”).  
[0245] “the communication protocol is a Web pages protocol, and the provisioning system provisions the provisioned credentials by automatically filling in fields in web forms and other HTML elements.”
[0265] “The provisioning system may generate provisioned credentials internally (e.g. random credentials) and/or store provisioned credentials in an internal directory.”
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Banerjee to incorporate the teaching of Sade to utilize the above feature, with the motivation of instantaneously activating and creating credentials provisioning process to users, as recognized by (Sade [0007, 0015, 0245]).
Banerjee in view of Sade do not disclose the below limitations. Emphasis in Italic.
requesting, over a network, a public cryptographic key from a key server; receiving, over the network, the public cryptographic key from the key server; encrypting the credentials using the public cryptographic key (Yang discloses sending a request to network device, corresponding to a key server, to establish wireless connection 231 and subsequent to the request and the established wireless connection, a public key is received to encrypt credentials, [0082] “Wireless communication unit 330 is configured to send a wireless connection request to the network device, the network device being associated with a network device identifier, the connection request comprising the network device identifier, and establishing a first wireless connection 231 with the network device. Connection request follows the same wireless protocol for which wireless communication device 230 is configured, e.g., Wi-Fi.”, [0083] “Provisioning unit 320 is configured to receive the public key from the network device over the established first wireless connection 231, to encrypt the credentials through the public key”); and 
storing the encrypted credentials in a memory (Yang discloses in in [0008, 0068-0069] that encryptions are communicated between devices only in encrypted form, indicating that the encrypted credentials are stored before communication, [0092] further discloses that encrypted credentials only transmitted after receiving verifications indicating storing encrypted credentials until verification is received from recipient device).  
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Banerjee in view of Sade to 
Banerjee in view of Sade and Yang disclose the aforementioned limitations, where Sade discloses in [0112-0113, 0176] the credential provisioning generation/creation for accessing resources, where the provisioned credentials are generated based on the identity of the user(s) and their entitlement, i.e. whether the user(s) are authorized, Sade further disclose the provisioned credentials may include password, user account name, binary data and other credential data, and further discloses in [0226] that the provisioned credentials may be randomly generated credentials. While the concept of generating credentials based on entropy target is vaguely defined in the claim, however, Banerjee in view of Sade and Yang does not disclose generating credentials based on entropy target.
Lew discloses generating credential based on entropy target (Lew discloses in [0030] credential based on random phrase audio recording, [0036] “…analyzing an audio recording generated by the client device 110, where the audio recording includes the vocalization of a random phrase previously generated by the online system 150 for the user.”,
Consistent with the description of entropy target/source recited in [0049] of the instant application as random data of audio clips).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Banerjee in view of Sade and Yang to incorporate the teaching of Lew to utilize the above feature, with the motivation of 

Regarding claim 2, Banerjee in view of Sade, Yang and Lew teaches the computer-implemented method of claim 1, 
Banerjee does not teach the below limitation.
Yang teaches further comprising: identifying a private cryptographic key corresponding to the public cryptographic key; decrypting the encrypted credentials using the private cryptographic key (Yang discloses [0068] “Key memory 212 stores a cryptographic public key and a corresponding private key. The public and private keys are suitable for so-called asymmetric cryptography.”, [0079] “…receive encrypted credentials wirelessly from configurator device 300 over first wireless connection 231; and to decrypt the encrypted credentials through the private key from key memory 212 to obtain the credentials”, further discloses in [0083-0084] encrypting credential with public key and subsequently decrypting the credential using the corresponding private key).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Banerjee to incorporate the teaching of Yang to utilize the above feature, with the motivation of impeding credentials attacks, as recognized by (Yang [0008]).
Banerjee in view of Yang and Lew discloses the above limitations. Yang further discloses using the decrypted credential to connect to an access point as disclosed in 
Sade discloses inserting the decrypted credentials in a web form to access the resource (Sade discloses in [0245] “provisioning system provisions the provisioned credentials by automatically filling in fields in web forms”, to access target service, where the target service correspond to external/remote/cloud resources over communication network as disclosed in [0143], [0209] “Provisioning system 500 uses provisioned credentials to enable the user client access to the target service).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Banerjee to incorporate the teaching of Sade to utilize the above feature, with the motivation of instantaneously activating and creating credentials provisioning process to users, as recognized by (Sade [0007, 0015, 0245]).

Claim 12 is directed to a system, associated with the method claimed in claim 2. Claim 12 is similar in scope to claim 2, and is therefore rejected with the same rationale and motivation as claim 2. 

Regarding claim 5, Banerjee in view of Sade, Yang and Lew teaches the computer-implemented method of claim 1, wherein the automatically detecting the attempt comprises automatically detecting a universal resource locator (URL) of the resource (Banerjee [0081]  “Initially, at step 1, the end user attempts to access the resource. For example, the end user may open a web browser and enter the URL www.Facebook.com to access the user's Facebook.TM. account. At step 2, the browser extension executing on the web browser detects that Facebook.TM. is a privileged resource.” ).

Claim 15 is directed to a system, associated with the method claimed in claim 5. Claim 15 is similar in scope to claim 5, and is therefore rejected with the same rationale and motivation as claim 5. 
  
Regarding claim 6, Banerjee in view of Sade, Yang and Lew teaches the computer-implemented method of claim 1, wherein the determining whether the resource requires credentials for access comprises determining whether the resource is identified in a catalogue (Banerjee [0081] “The browser extension can detect that the resource is a privileged resource by, for example, looking up a hash value stored inside the browser locally.”, where the process of looking up a stored hash value indicates a table/catalogue storing hash values).

Claim 16 is directed to a system, associated with the method claimed in claim 6. Claim 16 is similar in scope to claim 6, and is therefore rejected with the same rationale and motivation as claim 6. 
  
Regarding claim 7, Banerjee in view of Sade, Yang and Lew teaches the computer-implemented method of claim 1, wherein the determining whether credentials (Banerjee discloses in order for accessing privileged/protected resource, determine the stored credentials associated with the accessing user, [0084] “…the credential management and secure information (ZPL) platform 540 accesses the credentials from the data store 541. In some embodiments, the credentials might need to be decrypted at the credential management and secure information (ZPL) platform 540 and/or the access system 510.”, where the credentials of the accessing user is associated with secure information the accessing user is provisioned to use and further associated with which resources to be accessed as disclosed in [0052, 0081]).  

Claim 17 is directed to a system, associated with the method claimed in claim 7. Claim 17 is similar in scope to claim 7, and is therefore rejected with the same rationale and motivation as claim 7. 

Regarding claim 9, Banerjee in view of Sade, Yang and Lew teaches the computer-implemented method of claim 1, wherein the credentials are generated based at least in part on user input from the user (Banerjee discloses in [0021] generating credential during registration based on input from the user, e.g. user password, user biometric information).


  
Regarding claim 10, Banerjee in view of Sade, Yang and Lew teaches the computer-implemented method of claim 1, 
Banerjee does not disclose the below limitation.
Sade discloses wherein the credentials are generated based at least in part on user input from an administrator (Sade [0009] “provisioning user 100 manually on the target service by an administrator 110. The administrator connects to the target service (with credential set A) and creates provisioned credentials (set B)”, Sade further discloses the use of the system administrator providing user credentials in [0158] “The authentication credentials may be provided to the user client by any means known in the art (e.g. by a system administrator, by a user, by another system element, etc.).”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Banerjee to incorporate the teaching of Sade to utilize the above feature, with the motivation of instantaneously activating and creating credentials provisioning process to users, as recognized by (Sade [0007, 0015, 0245]) and providing/generating credentials by one of finite means, e.g.  system administrator, by a user, by another system element as disclosed by (Sade [0158])

Regarding claim 11, Banerjee teaches a computer system (Banerjee discloses in the abstract Systems and technique of accessing resources by provisioning credentials indirectly) comprising: a processor; a memory in communication with the processor, the memory storing instructions that, when executed by the processor cause the processor to (Banerjee [0017] “The techniques introduced herein can be embodied as special-purpose hardware (e.g., circuitry), as programmable circuitry appropriately programmed with software and/or firmware, or as a combination of special-purpose and programmable circuitry. Hence, embodiments may include a machine-readable medium having stored thereon instructions which may be used to program a computer (or other electronic devices) to perform a process…”, [0098] “FIG. 7, processing system 702 may comprise a micro-processor and other circuitry that retrieves and executes software 705 from storage system 703. Processing system 702 may be implemented within a single processing device”): 
automatically detect an attempt by a user to access an external network resource (Banerjee discloses when the end user enters  a URL, e.g. www.facebook.com, the browser extension executing on the web browser detects that the user is attempting to access the URL, [0081]  “Initially, at step 1, the end user attempts to access the resource. For example, the end user may open a web browser and enter the URL www.Facebook.com to access the user's Facebook.TM. account. At step 2, the browser extension executing on the web browser detects that Facebook.TM. is a privileged resource.”); 
(Banerjee [0081] “The browser extension can detect that the resource is a privileged resource by, for example, looking up a hash value stored inside the browser locally. At step 3, the browser extension responsively generates and sends a protected resource access request to the credential management and secure information (ZPL) platform 540.”, where privileged resource requires credentials and user identity  verifications performed by ZPL application running in user mobile device 512 in Figure 5, as disclosed in [0084], [0085] “At step 10, the credential management and secure information (ZPL) platform 540 provides the credentials to the access system 510 and, more particularly, the browser extension operating with a web browser on the access system 510.”); 
determine whether credentials have been previously generated for the user and the resource (Banerjee discloses in order for accessing privileged/protected resource, determine the stored credentials associated with the accessing user, [0084] “the credential management and secure information (ZPL) platform 540 accesses the credentials from the data store 541...the credentials might need to be decrypted at the credential management and secure information (ZPL) platform 540 and/or the access system 510.”, where the credentials of the accessing user is associated with secure information the accessing user is provisioned to use and further associated with which resources to be accessed as disclosed in [0052], where the user credentials stored during the registration process as disclosed in [0021]); 
Banerjee does not disclose the below limitation.
(Sade disclose [0030] “…determining, in response to the request, the existence or absence of provisioned credentials for the user client for the target service, and [0031] “i) when the provisioned credentials are absent”, [0182] “…determining if the provisioned credentials are already present. If not, new provisioned credentials are created in response to the request”, where the target service correspond to external/remote/cloud resources over communication network as disclosed in [0143], [0209] “Provisioning system 500 uses provisioned credentials to enable the user client access to the target service, by retrieving existing provisioned credentials or creating new provisioned credentials.”): 
generate credentials based at least in part on [an entropy target] and an identity of the user (Sade discloses [0031] “i) when the provisioned credentials are absent, creating new provisioned credentials for the user client”, [0056] “the credential generation module performs…registering the provisioned credentials with a user directory accessed by the target service to validate the provisioned credentials”, [0112] “…before the provisioned credentials are created it is first determined whether the user client is authorized to establish a session with the requested target service. Provisioned credentials are created only for authorized user clients.”, [0113] “provisioned credentials are created as follows: [0114] 1) Credentials including the required fields are generated (e.g. by creating strings, binary data and/or other credential data). The generated credentials may include an account name and a password”,
 [0135] “…provisioning system 500 has access to a user directory which holds user accounts. The user account stores the respective authentication and/or provisioned credentials and may also define which resources the respective user is entitled to use, so that provisioning system 500 may issue provisioned credentials only to entitled users. A user account may be created for any type of user, including human users and/or applications and/or groups of users.”, [0176] “…the provisioned credentials are based on the user entitlements which are optionally determined from the authentication credentials”); 
[request, over a network, a public cryptographic key from a key server; receive, over the network, the public cryptographic key from the key server; encrypt the credentials using the public cryptographic key; and] 
store the [encrypted] credentials in the memory (Sade [0114] “…the credential data is stored in a repository (e.g. local storage on the intermediate element, PAMS, target service or other locations).”, [0184] “Storing provisioned credentials for the respective user in a user directory connected to the communication network”, [0221] “…the privileged credentials are stored in a memory within or accessible to provisioning system 500.”, [0228] “…the user directory is accessible by the target service and validates provisioned credentials to the target service.”).  
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Banerjee to incorporate the teaching of Sade to utilize the above feature, with the motivation of instantaneously 
Banerjee in view of Sade do not disclose the below limitations. Emphasis in Italic.
Yang  discloses requesting, over a network, a public cryptographic key from a key server; receiving, over the network, the public cryptographic key from the key server; encrypting the credentials using the public cryptographic key (Yang discloses sending a request to network device, to establish wireless connection 231 and subsequent to the request and the established wireless connection, a public key is received to encrypt credentials, [0082] “Wireless communication unit 330 is configured to send a wireless connection request to the network device, the network device being associated with a network device identifier, the connection request comprising the network device identifier, and establishing a first wireless connection 231 with the network device. Connection request follows the same wireless protocol for which wireless communication device 230 is configured, e.g., Wi-Fi.”, [0083] “Provisioning unit 320 is configured to receive the public key from the network device over the established first wireless connection 231, to encrypt the credentials through the public key”); and 
storing the encrypted credentials in the memory (Yang discloses in in [0008, 0068-0069] that encryptions are communicated between devices only in encrypted form, indicating that the encrypted credentials are stored before communication, [0092] further discloses that encrypted credentials only transmitted after receiving verifications indicating storing encrypted credentials until verification is received from recipient device).  

Banerjee in view of Sade and Yang disclose the aforementioned limitations, where Sade discloses in [0112-0113, 0176] the credential provisioning generation/creation for accessing resources, where the provisioned credentials are generated based on the identity of the user(s) and their entitlement, i.e. whether the user(s) are authorized, Sade further disclose the provisioned credentials may include password, user account name, binary data and other credential data, and further discloses in [0226] that the provisioned credentials may be randomly generated credentials. While the concept of generating credentials based on entropy target is vaguely defined in the claim, however, Banerjee in view of Sade and Yang does not disclose generating credentials based on entropy target.
Lew discloses generating credential based on entropy target (Lew discloses in [0030] credential based on random phrase audio recording, [0036] “…analyzing an audio recording generated by the client device 110, where the audio recording includes the vocalization of a random phrase previously generated by the online system 150 for the user.”,
Consistent with the description of entropy target/source recited in [0049] of the instant application as random data of audio clips).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Banerjee in view of Sade and Yang 

Regarding claim 20, Banerjee teaches a non-transitory computer readable medium comprising a computer readable memory storing computer executable instructions ((Banerjee [0017] “The techniques introduced herein can be embodied as special-purpose hardware (e.g., circuitry), as programmable circuitry appropriately programmed with software and/or firmware, or as a combination of special-purpose and programmable circuitry. Hence, embodiments may include a machine-readable medium having stored thereon instructions which may be used to program a computer (or other electronic devices) to perform a process…”, [0098] “FIG. 7, processing system 702 may comprise a micro-processor and other circuitry that retrieves and executes software 705 from storage system 703. Processing system 702 may be implemented within a single processing device”).
Claim 20 further recites performing the method of claim 1. All rationales and motivations applied to claim 1 is also applied to claim 20.

Claims 3 and 13 are rejected under 35 U.S.C. 103 as being unpatentable over Banerjee (US 20160212132 A1), hereinafter Banerjee in view of Sade et. al. (US 20160006712 A1), hereinafter Sade, Yang et. al. (US 20180176771 A1), hereinafter Yang, Lew (US 20190238535 A1), hereinafter Lew and further in view of Pritchard (US 20110277019 A1), hereinafter Pritchard.

Regarding claim 3, Banerjee in view of Sade, Yang and Lew teaches the computer-implemented method of claim 2, 
Sade in view of Yang disclose inserting the decrypted credentials in a web form as disclosed in claim 2, however, Banerjee in view of Sade, Yang and Lew do not disclose that the decrypted credential is masked. Emphasis in Italic.
Pritchard discloses further comprising masking the decrypted credentials before the inserting the decrypted credentials (Pritchard disclose masking credentials when accessing devices, [0015] “provides a method, system, and computer program or web application for automating remote or local network device login/authentication, providing a masked login/authentication to remote and local devices on behalf of a user to devices to which the user has been granted access, while masking authentication credentials”, [0017] “…the endpoint of which is automatically defined by masked data within the database so that the user does not gain knowledge of the device's login/authentication credentials” ).
  It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Banerjee in view of Sade, Yang and Lew to incorporate the teaching of Pritchard to utilize the above feature, so that user does not gain knowledge of the device's login/authentication credentials, as recognized by (Pritchard [0017]).

. 


Claims 4 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over Banerjee (US 20160212132 A1), hereinafter Banerjee in view of Sade et. al. (US 20160006712 A1), hereinafter Sade, Yang et. al. (US 20180176771 A1), hereinafter Yang, Lew (US 20190238535 A1), hereinafter Lew and further in view of Dickgiesser (US 20120110330 A1), hereinafter Dickgiesser.

Regarding claim 4, Banerjee in view of Sade, Yang and Lew teaches the computer-implemented method of claim 1, further comprising: 
Banerjee in view of Sade, Yang and Lew discloses the above limitations, Sade further discloses generating/creating credentials. However, Banerjee in view of Sade, Yang and Lew do not disclose the below limitation.
Dickgiesser discloses requesting real-time approval before generating the credentials (Dickgiesser illustrates in Figure 2 (216-224) a system with automatic approval upon receiving request for activating credential, where the system automatic approval upon receiving request corresponds to real-time approval, [0012] “…upon receipt of the request may automatically generate or activate the login credentials and send the login credentials to the support resource.”, examiner noes that the automatic approval and credential providing is a real-time approval, as the system 202 in Figure 2 completes the approval and credential providing without any decision making delay or user intervention required). 
 It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Banerjee in view of Sade, Yang and Lew to incorporate the teaching of Dickgiesser to utilize the above feature, with the motivation of automatically approving and provide credentials for analyzing errors, as recognized by (Dickgiesser [0009]).

Claim 14 is directed to a system, associated with the method claimed in claim 4. Claim 14 is similar in scope to claim 4, and is therefore rejected with the same rationale and motivation as claim 4. 

 
Claims 8 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Banerjee (US 20160212132 A1), hereinafter Banerjee in view of Sade et. al. (US 20160006712 A1), hereinafter Sade, Yang et. al. (US 20180176771 A1), hereinafter Yang, Lew (US 20190238535 A1), hereinafter Lew and further in view of Yeddula (US 20190349360 A1), hereinafter Yeddula.

Regarding claim 8, Banerjee in view of Sade, Yang and Lew teaches the computer-implemented method of claim 1, 
Banerjee does not disclose the below limitation.
[cryptographically secure] random number generator (Sade [0226] “credential generation module 660 creates random provisioned credentials.”, [0265] “The provisioning system may generate provisioned credentials internally (e.g. random credentials) and/or store provisioned credentials in an internal directory.”).
  It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Banerjee to incorporate the teaching of Sade to utilize the above feature, with the motivation of instantaneously activating and creating credentials provisioning process to users, as recognized by (Sade [0007, 0015, 0245]).
Banerjee in view of Sade, Yang and Lew do not disclose cryptographically secure random number generator.
Yeddula discloses cryptographically secure random number generator (Yeddula discloses in [0073] access token can be generated using a cryptographically secure random number generator. associated with a credential).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Banerjee in view of Sade, Yang and Lew to incorporate the teaching of Yeddula to utilize the above feature, with the motivation of provisioning and managing access tokens, as recognized by (Yeddula [0049]]).

. 

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:
Novak (US 20130205360 A1) discloses [0182] a method includes determining if a provisioned credentials are already present. If not, new provisioned credentials are created in response to the request. [0071] user credentials are maintained in a secure manner, such as being encrypted using a key of (e.g., a secret key known only to) credential service. Credential service decrypts, based on this key, the user credentials to provide to a Web service or other identity provider via a secure session as discussed above. [0073] the computing device decrypts the encrypted value using the key of the computing device. The computing device communicates the decrypted value to credential service, which further decrypts the received value using the key of credential service.
Kus (US 20160119348 A1) discloses in e.g. [0061-0062] a device automatically making requests with a browser application. External resources that are outside the enterprise network can be transparently accessible to the user of the secure browser application via single sign-on functionality.
Johansson (US 9225704 B1) discloses in e.g. Figure 3B authenticate a user and determining whether user is to be provided with access to third party resources.

Ashley (US 9967236 B1) discloses “credentials (e.g., usernames and/or passwords) are securely stored on a network device (e.g., the credentials can be hashed, encrypted, and/or otherwise obfuscated to securely store the credentials data on the security device).”
Pereira (US 20180262471 A1) discloses identity verification and authentication method and system, where the verification includes decrypting dynamic credentials to determine which unique registered user and computing device created them and passes this information to a website operator through a secure server-to-server connection, where the website operator then provides appropriate access to restricted resource to the user, where the server may be hosted by the website operator or a third party.
Agrawal  (US 20160094961 A1) discloses in e.g. [0047-0048] and Figure 4, if the user is a first time user, the application may request that the user register new login credentials, such as a registered user name and password, a user may register new login credentials using a mobile device.
without delay after receiving the new user request from the new user.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to BASSAM A NOAMAN whose telephone number is (571)272-2705.  The examiner can normally be reached on Monday-Friday 8:30 AM-5:00PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni A. Shiferaw can be reached on (571) 272-3867.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  






/BASSAM A NOAMAN/Examiner, Art Unit 2497