Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
EXAMINER'S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.

Authorization for this examiner’s amendment was given in an interview with Attorney Marc Boillot on 10/26/2021.

The application has been amended as follows: 

1. (Currently Amended) A method for authenticating a user, comprising:
receiving, by a first server, from at least one device, at least one identifier relating to a user;
retrieving, by the first server, at least one reference user credential associated with the at least one user identifier;
generating, by the first server, at least one reference authentication token, the at least one reference authentication token being generated based upon the at least one reference user credential and at least one predetermined key;
sending, by the first server, to a second server, at least one identifier relating to a device to be addressed, the at least one reference authentication token and at least one script for requesting the user to provide at least one user credential;
sending, by the second server, to the device, at least one request for getting at least one user credential by executing the at least one script for requesting the user to provide at least one user credential;
getting, by the device, from the user, at least one submitted user credential;
generating and sending, by the device, to the second server, at least one submitted authentication token, the at least one submitted authentication token being generated based upon the at least one submitted user credential and the at least one predetermined key, the device storing the at least one predetermined key;
comparing, by the second server, each of the at least one submitted authentication token to the received reference authentication token and generates at least one comparison result and/or an authentication result;
sending, by the second server, to the first server, the at least one comparison result and/or the authentication result;[[.]]
	wherein, prior to generating the at least one reference authentication token, the first server generates the at least one predetermined key by using a key generation algorithm and secret data, the key generation algorithm and the secret data being shared with the device and, prior to generating the at least one submitted authentication token, the device generates the at least one predetermined key by using the key generation algorithm and the secret data.

2. (Previously amended) Method according to claim 1, wherein, prior to generating the at least one reference authentication token, the first server generates and sends to the device the at least one predetermined key.

3. (Cancelled).

4. (Previously amended) Method according to claim 1, wherein, prior to sending the at least one reference authentication token, the first server encrypts the at least one reference authentication token by using a public key relating to the second server and/or signs the at least one reference authentication token by using a private key relating to the first server and/or, prior to sending the at least one submitted authentication token, the device encrypts the at least one submitted authentication token by using a public key relating to the second server and/or signs the at least one submitted authentication token by using a private key relating to the device.

5. (Previously amended) Method according to claim 1, wherein, prior to sending the at least one comparison result and/or the authentication result, the second server encrypts the at least one comparison result and/or the authentication result by using a public key relating to the first server and/or signs the at least one comparison result and/or the authentication result by using a private key relating to the second server.

6. (Previously amended) Method according to claim 1, wherein the at least one predetermined key is unique and valid for the at least one reference authentication token and the at least one 

7. (Currently Amended) A system comprising: [[A]]
a device for authenticating a user,
wherein the device is configured to:
receive from a second server at least one request for getting at least one user credential;
get, from the user, at least one submitted user credential; and
generate and send, to the second server, at least one submitted authentication token, the at least one submitted authentication token being generated based upon the at least one submitted user credential and at least one predetermined key, the device storing the at least one predetermined key[[.]];
a first server for authenticating a user,
wherein the first server is configured to:
receive, from at least one device, at least one identifier relating to a user;
retrieve at least one reference user credential associated with the at least one user identifier;
generate at least one reference authentication token, the at least one reference authentication token being generated based upon the at least one reference user credential and at least one predetermined key,;
send, to a second server, at least one identifier relating to a device to be addressed, the at least one reference authentication token and at least one script for requesting the user to provide at least one user credential; and
receive, from the second server, at least one comparison result and/or an authentication result; and
a second server for authenticating a user,
wherein the second server is configured to:
receive, from a first server, at least one identifier relating to a device to be addressed, at least one reference authentication token and at least one script for requesting the user to provide at least one user credential;
send, to the device, at least one request for getting at least one user credential by executing the at least one script for requesting the user to provide at least one user credential;
receive, from the device, at least one submitted authentication token;
compare each of the at least one submitted authentication token to the received reference authentication token;
generate at least one comparison result and/or an authentication result; and
send, to the first server, the at least one comparison result and/or the authentication result, wherein, prior to generating the at least one reference authentication token, the first server generates the at least one predetermined key by using a key generation algorithm and secret data, the key generation algorithm and the secret data being shared with the device and, prior to generating the at least one submitted authentication token, the device generates the at least one predetermined key by using the key generation algorithm and the secret data.

8. (Cancelled).
9. (Cancelled).

10. (Currently Amended) A system for authenticating a user,
wherein, the system including at least one device, a first server and at least one second server, the first server is configured to:
receive, from the at least one device, at least one identifier relating to a user;
retrieve at least one reference user credential associated with the at least one user identifier;
generate at least one reference authentication token, the at least one reference authentication token being generated based upon the at least one reference user credential and at least one predetermined key;
send, to a second server, at least one identifier relating to a device to be addressed, the at least one reference authentication token and at least one script for requesting the user to provide at least one user credential;
wherein the second server is configured to send, to the device, at least one request for getting at least one user credential by executing the at least one script for requesting the user to provide at least one user credential;
wherein the device is configured to:
get, from the user, at least one submitted user credential;
generate and send, to the second server, at least one submitted authentication token, the at least one submitted authentication token being generated based upon the at least one submitted user credential and the at least one predetermined key, the device storing the at least one predetermined key;
wherein the second server is configured to:
compare each of the at least one submitted authentication token to the received reference authentication token;
generate at least one comparison result and/or an authentication result; and
send, to the first server, the at least one comparison result and/or the authentication result[[.]];
wherein, prior to generating the at least one reference authentication token, the first server generates the at least one predetermined key by using a key generation algorithm and secret data, the key generation algorithm and the secret data being shared with the device and, prior to generating the at least one submitted authentication token, the device generates the at least one predetermined key by using the key generation algorithm and the secret data.
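
The three-party flow recited in claims 1, 7 and 10, sketched as an added illustration that is not part of the application or the office action. The claims name no algorithms, so HMAC-SHA256 for both key generation and token generation, the per-session identifier, and all class, function and sample names are assumptions.

```python
import hashlib
import hmac

def generate_key(secret_data: bytes, session_id: bytes) -> bytes:
    """Key generation algorithm shared by first server and device (assumed: HMAC-SHA256)."""
    return hmac.new(secret_data, b"auth-token-key|" + session_id, hashlib.sha256).digest()

def make_token(credential: str, key: bytes) -> bytes:
    """Authentication token based upon a user credential and the predetermined key."""
    return hmac.new(key, credential.encode("utf-8"), hashlib.sha256).digest()

class FirstServer:
    def __init__(self, secret_data: bytes, credential_store: dict):
        self.secret_data = secret_data
        self.credential_store = credential_store  # user identifier -> reference credential

    def start(self, user_id: str, device_id: str, session_id: bytes) -> dict:
        key = generate_key(self.secret_data, session_id)
        reference_token = make_token(self.credential_store[user_id], key)
        # Message to the second server: device identifier, reference token, prompt script.
        return {"device_id": device_id, "reference_token": reference_token,
                "script": "prompt_for_credential"}

class Device:
    def __init__(self, secret_data: bytes):
        self.secret_data = secret_data

    def answer(self, submitted_credential: str, session_id: bytes) -> bytes:
        # The device derives the same key locally; the key itself is never transmitted.
        key = generate_key(self.secret_data, session_id)
        return make_token(submitted_credential, key)

class SecondServer:
    def compare(self, message: dict, submitted_token: bytes) -> bool:
        # Holds neither the credential nor the key; constant-time comparison of tokens only.
        return hmac.compare_digest(message["reference_token"], submitted_token)

def run_flow(submitted_credential: str, device_secret: bytes = None) -> bool:
    """Run one authentication with constructed sample data; returns the comparison result."""
    secret = b"constructed-shared-secret"   # constructed sample secret data
    session_id = b"session-0001"            # constructed; assumed input to key generation
    first = FirstServer(secret, {"alice": "1234"})
    device = Device(secret if device_secret is None else device_secret)
    second = SecondServer()
    message = first.start("alice", "device-42", session_id)
    submitted = device.answer(submitted_credential, session_id)
    return second.compare(message, submitted)  # result reported back to the first server
```

In this sketch the second server can decide the comparison without ever handling the user credential, the secret data or the derived key, which is the separation the allowed claims rely on.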


Reasons for Allowance
The following is an examiner’s statement of reasons for allowance: The prior art of record (in particular, the closest prior art of record, Stanko US Pub. No.: 2005/0074126 A1 and Zhu et al. US Pub. No.: 2007/0044143 A1) does not disclose, with respect to independent claims 1, 7 and 10: “sending, by the first server, to a second server, at least one identifier relating to a device to be addressed, the at least one reference authentication token and at least one script for requesting the user to provide at least one user credential; sending, by the second server, to the device, at least one request for getting at least one user credential by executing the at least one script for requesting the user to provide at least one user credential”; and “wherein, prior to generating the at least one reference authentication token, the first server generates the at least one predetermined key by using a key generation algorithm and secret data, the key generation algorithm and the secret data being shared with the device and, prior to generating the at least one submitted authentication token, the device generates the at least one predetermined key by using the key generation algorithm and the secret data”. Rather, Stanko discloses single sign-on over the internet using public-key cryptography; and Zhu discloses a distributed single sign-on service establishing authenticated communication between a client computing device and a service provider. Accordingly, claims 1-2, 4-7 and 10 are allowed.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to NEGA WOLDEMARIAM whose telephone number is (571)270-7478. The examiner can normally be reached Monday to Friday, 8am-5pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Pwu can be reached on 5712726798. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/NEGA WOLDEMARIAM/Examiner, Art Unit 2433           

/JEFFREY C PWU/Supervisory Patent Examiner, Art Unit 2433