Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Examiner’s Note (3)
	This Corrected Notice of Allowance has been issued to consider the IDS filed on 11/11/2021 after issuance of Notice of Allowance on 10/21/2021.
Examiner’s Note (2)
	This Corrected Notice of Allowance has been issued to consider the IDS filed on 10/07/2021 after issuance of Notice of Allowance on 09/01/2021.
Examiner’s Note (1)
Examiner called Applicant and discussed the case with the Applicant. Examiner proposed incorporating features of claims 4-6 to all the proposed independent claims 1, 8 & 15, and also mentioned that proposed amendment will also obviate any potential double patenting issues with other related filed cases. Examiner further stated that if the Applicant agreed to the recommendations proposed by the Examiner, the case will be placed in allowable condition. The Applicant agreed to consider the suggestions and get back with a definite response shortly. Subsequently, the Applicant emailed the proposed amendment as recommended by Examiner (please see attached “Email from the Applicant” for details). The case has now been placed in allowable condition.
EXAMINER’S AMENDMENT
An examiner's amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided 
Authorization for this examiner's amendment was given via email from Janyce Mitchell (Reg. No. 40,095) on 6/25/2021.
AMENDMENTS TO THE CLAIMS:
      The following listing of claims will replace all prior versions and listings of claims in this application. 
(Currently Amended) A method, comprising:
performing a read only binding of a service to the federated identity management data source;
receiving a communication for a data source at a wrapper, the wrapper including a dispatcher and [[a]]the service, the dispatcher receiving the communication and being data agnostic, the communication corresponding to end user credentials for an end user;
providing the communication from the dispatcher to the data source and to the service; 
authenticating, using the service, the end user based on the end user credentials and utilizing federated identity management, the authenticating further including
providing the end user credentials to the federated identity management data source;
searching the federated identity management data source for the end user using the read only binding;
binding the service to the federated identity management data source as a proxy for the end user if the end user is authenticated; and
searching the federated identity management data source for at least one group to which the end user belongs.

(Currently Amended) The method of claim 1, further comprising:
accessing the data source by the wrapper as [[a]]the proxy for the end user if the end user is authenticated using the federated identity management.

(Original) The method of claim 2, further comprising:
logging end user activities for the data source.

(Canceled) 

(Canceled)

(Canceled) 

(Original) The method of claim 1 further comprising:
preventing access to the data source if the end user is not authenticated utilizing the federated identity management:

(Currently Amended) A system, comprising:
a processor configured to: 
perform a read only binding of a service to the federated identity management data source;
receive a communication for a data source at a wrapper, the wrapper including a dispatcher and [[a]]the service, the dispatcher receiving the communication and being data agnostic, the communication corresponding to end user credentials for an end user;
provide the communication from the dispatcher to the data source and to the service;
authenticate, using the service, the end user based on the end user credentials and utilizing federated identity management, wherein to authenticate, the processor is further configured to
provide the end user credentials to the federated identity management data source; and
search the federated identity management data source for the end user using the read only binding;
bind the service to the federated identity management data source as a proxy for the end user if the end user is authenticated; and
search the federated identity management data source for at least one group to which the end user belongs; and
a memory coupled to the processor and configured to provide the processor with instructions.

(Currently Amended) The system of claim 8, wherein the processor is further configured to:
access the data source by the wrapper as [[a]]the proxy for the end user if the end user is authenticated using the federated identity management.

(Original) The system of claim 9, wherein the processor is further configured to:
log end user activities for the data source.

(Canceled)

(Canceled)

(Canceled)

(Original) The system of claim 8 wherein the processor is further configured to:
prevent access to the data source if the end user is not authenticated utilizing the federated identity management:

(Currently Amended) A computer program product, the computer program product being embodied in a tangible computer readable storage medium and comprising computer instructions for:
performing a read only binding of a service to the federated identity management data source;
receiving a communication for a data source at a wrapper, the wrapper including a dispatcher and [[a]]the service, the dispatcher receiving the communication and being data agnostic, the communication corresponding to end user credentials for an end user;
providing the communication from the dispatcher to the data source and to the service;
authenticating, using the service, the end user based on the end user credentials and utilizing federated identity management, the computer instructions for authenticating further including computer instructions for
providing the end user credentials to the federated identity management data source; and
searching the federated identity management data source for the end user using the read only binding;
binding the service to the federated identity management data source as a proxy for the end user if the end user is authenticated; and
searching the federated identity management data source for at least one group to which the end user belongs.

(Currently Amended) The computer program product of claim 15, wherein the computer instructions further include computer instructions for:
accessing the data source by the wrapper as [[a]]the proxy for the end user if the end user is authenticated using the federated identity management.

(Original) The computer program product of claim 16, wherein the computer instructions further include computer instructions for:
logging end user activities for the data source.

(Canceled) 

(Canceled) 

(Canceled) 

Allowable Subject Matter
Claims 1-3, 7-10 & 14-17 are allowed.
	
		The following is an examiner’s statement of reasons for allowance:
Regarding claims 1, 8 & 15, although the prior art of record teaches (such as Shah (US 20170374070), in paragraph 0032) authenticating, using the service, the end user based on the end user credentials and utilizing federated identity management; none of the prior art, alone or in combination, teaches performing a read only binding of a service to the federated identity management data source; receiving a communication for a data source at a wrapper, the wrapper including a dispatcher and the service, the dispatcher receiving the communication and being data agnostic, the communication corresponding to end user credentials for an end user; providing the end user credentials to the federated identity management data source; searching the federated identity management data source for the end user using the read only binding; binding the service to the federated identity management data source as a proxy for the end user if the end user is authenticated; and searching the federated identity management data source for at least one group to which the end user belongs; in view of other limitations of claims 1, 8 & 15.
	The closest prior art (patent publications) made of record are:
Shah (US 20170374070) teaches that current approaches to multi-factor authentication lack scalability, among other capabilities and efficiencies. Described herein are methods, devices, and systems that provide for robust and scalable multi-factor authentication using a combination of network-based and device-based authentications. In an example embodiment, a common policy framework enables policy enforcements to be carried out in the network or on the device. As described below, the framework may provide synchronization of policies and authentication results between a network entity and an entity on a user device. 
Bleau (US20160255137, as mentioned in IDS dated 2/21/2020) teaches that the described embodiments perform operations to enable access to services provided by applications executing on service providing devices by applications executing in service requesting devices. In the described embodiments, a service providing device executes a "dispatcher" system service that performs operations for interfacing between service-providing applications and service requesting devices. For example, the dispatcher application performs operations for advertising the availability of services on the service providing device and for proxying communication between the service and service requesting devices. In addition, service requesting devices execute a "forwarder" system service that performs operations for interfacing between service-requesting applications and service providing devices. For example, the forwarder application performs operations for recognizing when applications are to access services, selecting an available service for an application to access, and for proxying communication between the application and a service providing device.
Fitch (US20140337974) teaches that authenticated requests can be sent without requiring the requests to include or potentially expose secret information used for the authentication process. A client device uses a security credential such as a key to sign a request to be sent to a recipient. When the request is received, the recipient determines whether the request was signed using the correct key for the sender. In some embodiments a client token is included with the request that statelessly encodes the key, enabling a recipient capable of decoding the client token to determine the key and compare that key to the signature of the request. The sender can store the secret information in a secure location, such as a browser security module, such that the secret information is not exposed to the browser or script executing on the client device.
 Koushik (US20160134616) teaches a service provider system may include an application fulfillment platform that delivers desktop applications to desktops on physical computing devices or virtual desktop instances. A computing resource instance may be registered with the platform, which generates a unique identifier and a security token for the computing resource instance using multiple authentication mechanisms. An end user of a customer organization may be registered with the platform, which generates a unique identifier and a security token for the end user using multiple authentication mechanisms. An application delivery agent may submit service requests to the platform on behalf of itself or the given user. The identity and security credentials included in the requests may be dependent on the request type and the entities on whose behalf they are submitted. A proxy service on the platform may receive the requests and validate the credentials, then dispatch the requests to other services on the platform. 
 Ma (US20150244696) teaches systems and methods for user authentication within federated computing systems are provided. In a session, a user can be authenticated multiple times by different authentication methods for different servers of the federated system, however, once the user has been authenticated by any given authentication method, the user need not repeat that method. Systems of the present invention comprise a plurality of servers including an authentication server. The authentication server maintains authentication records for users, where each record includes which authentication methods apply to which servers. When a user first seeks access to a particular server, the server identifies the user and the server to the authentication server. If the user has already been authenticated elsewhere according to the authentication method required by the new server, the authentication server indicates to the new server that the user is authenticated, else the authentication server invokes the necessary authentication method. 
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance”.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHER KHAN whose telephone number is (571)272-8574. The examiner can normally be reached on Monday-Friday, 8:00am - 5:00pm (EST). If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni Shiferaw can be reached on 571-272-3867. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/SHER A KHAN/           Primary Examiner, Art Unit 2497