DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

EXAMINER’S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner’s amendment was given by Burton Amernick (Reg. No. 24,852) on November 4, 2021.

The application has been amended as follows:

Regarding claim 1: (Currently Amended) An authentication system comprising:
a client terminal having a web browser; and
an authentication server that performs authentication in response to a request from the client terminal,
wherein the client terminal includes:
a certificate issuance request unit that transmits device information of the client terminal from the web browser to the authentication server to make a request for issuance of a certificate;

a first authentication request unit that transmits the certificate stored in the storage medium from the web browser to the authentication server together with the device information to make a request for first authentication; and
a second authentication request unit that transmits a user ID and a password input by a user from the web browser to the authentication server to make a request for second authentication after the first authentication request unit receives a notification that the first authentication is successful from the authentication server, and
the authentication server includes:
a certificate issuing unit that issues the certificate to the client terminal in response to the certificate issuance request from the certificate issuance request unit and stores the issued certificate in a certificate information storage unit so as to be associated with the device information transmitted together with the certificate issuance request;
a first authentication processing unit that performs first authentication processing by comparing the certificate and the device information transmitted from the client terminal with a certificate and device information stored in the certificate information storage unit in response to the request from the first authentication request unit and notifies the client terminal of a result of success or failure of the first authentication processing; 
a second authentication processing unit that performs second authentication processing by comparing the user ID and the password transmitted from the client terminal with a user ID and a password, which are stored in advance in a user information storage ; and
wherein the second authentication processing unit performs the second authentication processing by comparing the user ID and the password transmitted from the client terminal with the user ID and the password stored in advance in the user information storage unit at first login, and performs the second authentication processing by comparing the user ID and the password transmitted from the client terminal with the user ID and the password stored in advance in the user information storage unit and checking whether or not at least one of the user ID and the password transmitted from the client terminal is associated with a certificate used for the first authentication at second and subsequent logins, and
after the second authentication is successful at the first login, the certificate issuing unit issues the certificate in response to the certificate issuance request from the certificate issuance request unit and stores the issued certificate in the certificate information storage unit so as to be associated with the device information and stores association information, in which the issued certificate is associated with at least one of the user ID and the password used at the first login, in the certificate information storage unit.

Regarding claim 2: (Currently Cancelled)	

Regarding claim 8: (Currently Amended) An authentication server that performs authentication in response to a request from a client terminal having a web browser, comprising:

a first authentication processing unit that performs first authentication processing by comparing the certificate and the device information transmitted from the client terminal with a certificate and device information stored in the certificate information storage unit in response to a first authentication request transmitted together with the certificate issued by the certificate issuing unit and the device information and notifies the client terminal of a result of success or failure of the first authentication processing; and
a second authentication processing unit that performs second authentication processing by comparing a user ID and a password transmitted from the client terminal with a user ID and a password, which are stored in advance in a user information storage unit, in response to a second authentication request transmitted from the client terminal together with the user ID and the password after the client terminal is notified that the first authentication is successful, and notifies the client terminal of a result of success or failure of the second authentication processing; and
wherein the second authentication processing unit performs the second authentication processing by comparing the user ID and the password transmitted from the client terminal with the user ID and the password stored in advance in the user information storage unit at first login, and performs the second authentication processing by comparing the user ID and the password transmitted from the client terminal with the user ID and the password stored in advance in the user information storage unit and checking whether or not at least one of the user ID and the password transmitted from the client terminal is associated with a certificate used for the first authentication at second and subsequent logins, and
after the second authentication is successful at the first login, the certificate issuing unit issues the certificate in response to the certificate issuance request from the certificate issuance request unit and stores the issued certificate in the certificate information storage unit so as to be associated with the device information and stores association information, in which the issued certificate is associated with at least one of the user ID and the password used at the first login, in the certificate information storage unit.

Regarding claim 9: (Currently Amended) An authentication method in an authentication system configured to include a client terminal having a web browser and an authentication server that performs authentication in response to a request from the client terminal, comprising:
a first step in which a certificate issuance request unit of the client terminal transmits device information of the client terminal from the web browser to the authentication server to make a request for issuance of a certificate;
a second step in which a certificate issuing unit of the authentication server issues the certificate to the client terminal in response to the certificate issuance request from the certificate issuance request unit and stores the issued certificate in a certificate information storage unit so as to be associated with the device information transmitted together with the certificate issuance request;

a fourth step in which a first authentication request unit of the client terminal transmits the certificate stored in the storage medium from the web browser to the authentication server together with the device information to make a request for first authentication;
a fifth step in which a first authentication processing unit of the authentication server performs first authentication processing by comparing the certificate and the device information transmitted from the client terminal with a certificate and device information stored in the certificate information storage unit in response to the request from the first authentication request unit and notifies the client terminal of a result of success or failure of the first authentication processing;
a sixth step in which a second authentication request unit of the client terminal transmits a user ID and a password input by a user from the web browser to the authentication server to make a request for second authentication after the first authentication request unit receives a notification that the first authentication is successful from the authentication server; and
a seventh step in which a second authentication processing unit of the authentication server performs second authentication processing by comparing the user ID and the password transmitted from the client terminal with a user ID and a password, which are stored in advance in a user information storage unit, in response to the request from the ; and
wherein the second authentication processing unit performs the second authentication processing by comparing the user ID and the password transmitted from the client terminal with the user ID and the password stored in advance in the user information storage unit at first login, and performs the second authentication processing by comparing the user ID and the password transmitted from the client terminal with the user ID and the password stored in advance in the user information storage unit and checking whether or not at least one of the user ID and the password transmitted from the client terminal is associated with a certificate used for the first authentication at second and subsequent logins, and
after the second authentication is successful at the first login, the certificate issuing unit issues the certificate in response to the certificate issuance request from the certificate issuance request unit and stores the issued certificate in the certificate information storage unit so as to be associated with the device information and stores association information, in which the issued certificate is associated with at least one of the user ID and the password used at the first login, in the certificate information storage unit.

Reasons for Allowance
The following is an examiner’s statement of reasons for allowance: 
Claims 1 and 3-9 are considered allowable.



The Prior Art Belton et al. US Patent Application Publication No. 2014/0047510 teaches systems and methods for device-agnostic, multi-factor network authentication. In some embodiments, a wireless network connection can authenticate a device over secure authentication means with a certificate that confirms a device identity. After authenticating the device, a user can be prompted to provide credentials in a captive portal. The captive portal can be inaccessible to devices that have not already authenticated using a certificate. After providing approved credentials to the captive portal, the user can access the network. This embodiment and additional embodiments are readily integrated into private wireless networks and others.



The instant application is allowable over Wei, Belton et al., and Grajek et al. described above, either singularly or in combination, due to the instant application teaching a different and detailed method and apparatus of a certificate issued by an authentication server in response to a request from a client terminal is stored in an issued certificate storage unit, and the stored certificate is transmitted to the authentication server together with device information to execute first authentication and then a user ID/password is transmitted to the authentication server to execute second authentication, so that it is possible to perform the first authentication using a certificate and perform the second authentication using a user ID/password without setting up the service usage environment 

The prior art of record does not disclose, teach, or suggest neither singly nor in combination the claimed limitations of “[A]n authentication system; a first authentication request unit that transmits the certificate stored in the storage medium from the web browser to the authentication server together with the device information to make a request for first authentication; and a second authentication request unit that transmits a user ID and a password input by a user from the web browser to the authentication server to make a request for second authentication after the first authentication request unit receives a notification that the first authentication is successful from the authentication server, and wherein the second authentication processing unit performs the second authentication processing by comparing the user ID and the password transmitted from the client terminal with the user ID and the password stored in advance in the user information storage unit at first login, and performs the second authentication processing by comparing the user ID and the password transmitted from the client terminal with the user ID and the password stored in advance in the user information storage unit and checking whether or not at least one of the user ID and the password transmitted from the client terminal is associated with a certificate used for the first authentication at second and subsequent logins, and after the second authentication is successful at the first login, the certificate issuing unit issues the certificate in response to the certificate issuance request from the certificate issuance request unit and stores the issued certificate in the certificate information storage unit so as 

Therefore the claims of the instant application are allowable over the cited prior art.
[AltContent: textbox ()]
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”


Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Fahimeh Mohammadi whose telephone number is (571)270-7857. The examiner can normally be reached Monday - Friday 9:00 - 5:00.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/FAHIMEH MOHAMMADI/
 Examiner, Art Unit 2439         



/LUU T PHAM/Supervisory Patent Examiner, Art Unit 2439