DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Response to Arguments
Applicant’s arguments, see remarks, filed 10/27/2021, with respect to claim objections, claim interpretations under 35 U.S.C. 112(f) and claims over prior art have been fully considered and are persuasive.  The claim objections, claim interpretations under 35 U.S.C. 112(f) and rejections under 35 U.S.C. 112(f) has been withdrawn in view of applicant claim amendments filed 10/27/2021. 
Allowable Subject Matter
Claim1-3 and 5-7 allowed. Claims 4 and 8 have been cancelled. 
The following is an examiner’s statement of reasons for allowance:
The prior art, Khitrenovich et al (US 9,594,911), discloses receiving a request from a browser executing on a user device for a beacon image. The data is collected in response to the browser request for the beacon image from the user device associated with the browser. The data is provided for a risk assessment of the access request to the protected resource
The prior art, Ackerman et al (US 2019/0123904), discloses adding a security heartbeat for and endpoint as a factor in a multi-factor authentication system. The security heartbeat may be used directly as an authentication factor, e.g., where the heartbeat provides a reliable and verifiable indication of identity, or the security 
The prior art, Li et al (US 2018/0018475), discloses a protected application residing in user space is activated and controlled by application controlling module. The application controlling module transmits first file access request information and identification information relative to protected application to storage filtering module. The storage filtering module transmits the first file access request information to the file redirecting module in accordance with the identification information. The file redirecting module forwards the first file access request information to the security driving module. The security driving module accesses the protected files stored in the protected space in accordance with the first file access request information, and returns a first access result of the first protected files to the protected application.
The prior art, Hariya et al (US 2008/0244719), discloses operating a cookie setting service for setting a cookie in a specific user terminal in response to a request from a specific user terminal. Another cookie setting service setting another cookie is operated in the specific user terminal when the latter cookie setting service receives a cookie setting request from the former cookie setting service via the specific user terminal. The use of an authentication server is indicated as a notification range by the latter cookie.
However, the prior art, either alone or in combination does not expressly disclose “when a user operates the at least one hardware processor to execute an unprotected start-up procedure to start up the browser application to access from the unprotected space and further to link to the cloud service system, the at least one hardware processor makes the browser application to link to the cloud service system through the first network, the user operates the browser application to transmit a login request information to the cloud service system, the cloud service system forwards the login request information to the authentication server through the second network, the authentication server transmits an authentication data request information to the cloud service system in response to the login request information, the cloud service system forwards the authentication data request information to the browser application, the user operates the browser application to input a second authentication data in response to the authentication data request information and transmits the second authentication data to the cloud service system, the cloud service system forwards the second authentication data to the authentication server, the authentication server judges if the second authentication data has the characteristic data associated with the protected space, and if NO, the authentication server transmits an alert message representative of refusal of login to the cloud service system, the cloud service system forwards the alert message to the browser application; and  when the user operates the at least one hardware processor to execute a protected start-up procedure to start up the browser application to access from the protected space and further to link to the cloud service system, the at least one hardware processor makes the browser application to link to the cloud service system through the safety gateway and the first network, the user operates the browser application to transmit the login request information to the cloud service system, the cloud service system forwards the login request information to the authentication server through the second network, the authentication server transmits the authentication data request information to the cloud service system in response to the login request information, the cloud service system forwards the authentication data request information to the browser application, the user operates the browser application to input a third authentication data in response to the authentication data request information, the browser application accesses the characteristic data associated with the protected space from the protected space, combines the third authentication data with the characteristic data associated with the protected space into a fourth authentication data, and transmits the fourth authentication data to the cloud service system, the cloud service system forwards the fourth authentication data to the authentication server, the authentication server judges if the fourth authentication data has the characteristic data associated with the protected space, and if YES, the authentication server judges if the third authentication data matches one of the plurality of first authentication data, and if YES, the authentication server transmits a login confirmation message to the cloud service system, and the cloud service system forwards the login confirmation message to the browser application.”
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”
EXAMINER’S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 
Authorization for this examiner’s amendment was given in an interview with Bob Gnuse on 11/8/2021.
PLEASE AMEND CLAIM 1 AS FOLLOWS:
1. (Currently Amended) A managing system for managing authentication for a cloud service system, comprising: 
a data processing apparatus, coupled to the cloud service system through a first network, the data processing apparatus comprising: 
a hardware data storage, being divided into an unprotected space and a protected space, wherein a browser application is stored in the hardware data storage, a characteristic data associated with the protected space is stored in the protected space; and 
at least one hardware processor, coupled to the hardware data storage;
a safety gateway, coupled to the data processing apparatus; and 
an authentication server, coupled to the cloud service system through a second network and therein storing a plurality of first authentication data; 
wherein when a user operates the at least one hardware processor to execute an unprotected start-up procedure to start up the browser application to access from the unprotected space and further to link to the cloud service system, the at least one hardware processor makes the browser application to link to the cloud service system through the first network, the user operates the browser application to transmit a login request information to the cloud service system, the cloud service system forwards the login request information to 
wherein when the user operates the at least one hardware processor to execute a protected start-up procedure to start up the browser application to access from the protected space and further to link to the cloud service system, the at least one hardware processor makes the browser application to link to the cloud service system through the safety gateway and the first network, the user operates the browser application to transmit the login request information to the cloud service system, the cloud service system forwards the login request information to the authentication server through the second network, the authentication server transmits the authentication data request information to the cloud service system in response to the login request information, the cloud service system forwards the authentication data request information to the browser application, the user operates the browser application to input a third authentication data in response to the authentication data .  
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:
Bemmel (US 2009/0006861) discloses secure access to a web page using a personal pass-phrase to prevent phishing attacks. Upon requesting a web page from a user device, a determination is made as to whether or not an encrypted cookie exists for the requested web page. An encrypted cookie includes the personal pass-phrase and at least one of an identifier of the user device, an identifier of a web browser from which the web page request is initiated, and information about the network path used to establish the personal pass-phrase. If an encrypted cookie does not exist, the user is provided a capability to create the encrypted cookie including a personal pass-phrase. If the encrypted cookie exists, the user device provides the encrypted cookie with the web 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to KENDALL DOLLY whose telephone number is (571)270-1948. The examiner can normally be reached Monday-Thursday 7am-4pm(EST) and Friday 7am-11am(EST).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shewaye Gelagay can be reached on (571)272-4219. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic 
/KENDALL DOLLY/             Primary Examiner, Art Unit 2436