DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This Office Action is in response to the application 16/836179 filed on 03/31/2020.
Claims 1-17 have been examined and are pending in this application. 

Claim Rejections – 35 USC § 101
35 U.S.C. 101 reads as follows: 
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 1-7 are rejected under 35 U. S. C. 101 as being directed to non-statutory subject matter as being directed to an abstract idea without being integrated into a practical application or significantly more.

Regarding claim 1; the claim calls for a server; however, there is no hardware element found within the claimed server. As recited in the body of the claim, the claimed system includes only “a storage” and “a processor.” The specification does not explicitly define that the claimed ‘storage’ and ‘processor’ are hardware embodiments. 
Regarding the claimed ‘storage,’ at most, in par. 0059, the specification, just provides some examples of the claimed storage.  However, the specification does not explicitly define that the claimed storage is implemented in hardware.  One of ordinary skill in the art would understand that a ‘storage’ is “any medium in which data can be retained” (See Authoritative Dictionary of IEEE Standards Terms – Seven Edition, 
The nominal recitation of the machine/device in the preamble with an absence of a hardware element in the body of the claim fails to make the claim statutory under 35 USC 101.  See Am. Med. Sys., Inc v. Biolitec, Inc., 618 F.3d 1354, 1358 (Fed. Cir. 2010).  The Examiner respectfully suggests that the claim be further amended to positively recites at least one hardware element within the body of the claim to make the claim statutory subject matter under 35 U.S.C. 101.  
Regarding claims 2-7; claims 2-7 are also rejected under 35 U.S.C. 101 as being directed to non-statutory subject matter for the same reasons.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person.


Claims 1, 4, 7-8, 13 and 16-17 are rejected under 35 U.S.C. 103 as being unpatentable over Hamel et al. (“Hamel,” US 2019/0306143), published on October 3, 2019, in view of Koya et al. (“Koya,” US 2018/0324159), published on November 8, 2018.

Regarding claim 1: Hamel discloses an authentication server connected to a plurality of client devices via a network, the authentication server comprising:
a storage that stores a database (Hamel: ¶0033 database system 200 comprises [...] storage 210) comprising:
a plurality of pieces of user information (Hamel: ¶0033 user data (e.g., user data stored in user data storage 214) [...] user data storage 214 comprises user data describing users associated with database system 200); and
multiple kinds of a plurality of pieces of credential information (Hamel: ¶0033 credentials (e.g., credentials stored in credential storage 216) [...] credential storage 216 comprises credentials accessed by database system 200); and
a processor that:
upon receiving a first piece of user information from a first client device, determines whether the database contains a first piece of credential information corresponding to the first piece of user information (Hamel: ¶0044 in 1000, a request for credential information associated with user information is received. In 1002, a user associated with the user information is located in a database system. In 1004, a set of credentials associated with the user is determined), and
upon determining that the database contains the first piece of credential information, sends to the first client device the first piece of credential information (Hamel: ¶0044 in 1006, credential information associated with the credentials is determined. In 1008, the credential information is provided).
Hamel does disclose credential information associated with user information provided but does not explicitly disclose credential information for logging into an application or service provided by an external server via each of the client devices and credential information required to allow a user to log into the application or service provided via the first client device.
However, Koya discloses credential information for logging into an application or service provided by an external server via each of the client devices (Koya: ¶0169 the particular access credentials include a userid and password usable to log on to the application service); and
credential information required to allow a user to log into the application or service provided via the first client device (Koya: ¶0166 block 704 may involve transmitting, by the server device and to the requesting device, the endpoint identifier and the particular access credentials. Reception of the endpoint identifier and the particular access credentials may cause the requesting device to remotely access the application service executing on the target computing device. For example, the requesting device may log in to the target computing device by way of the application service).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate teaching of Koya with the system and method of Hamel to include credential information required to allow a user to log into the application or service provided to provide user with a means for remotely accessing multiple computer devices through the use of the appropriate credentials (Koya: ¶0003).

Regarding claim 4: Hamel in view of Koya discloses the authentication server according to claim 1.
Koya further discloses wherein the storage further stores a priority level for each of the first pieces of credential information (Koya: ¶0112 any other type of credential, may be stored in a table with additional fields. These additional fields may include [...] a priority of the credential amongst credentials of the same type), and
the processor selects one or more of the first pieces of credential information based on the priority level, and sends the selected one or more of the first pieces of credential information to the first client device (Koya: ¶0126 if multiple SSH credentials are found and a label is not specified in the request, the SSH credentials with the highest priority may be selected. If a label is specified in the request, the SSH credentials associated with the label and having the highest priority may be selected. As noted above, if multiple credentials with the same priority fit the selection criteria, one of these credentials may be randomly selected).
The motivation is the same that of claim 1 above.

Regarding claim 7: Hamel in view of Koya discloses the authentication server according to claim 1.
Hamel further discloses wherein the client devices include at least one of a security door, a Multifunction Peripheral (MFP), a cellular phone, a personal computer (PC), and Internet of Things (IoT) device (Hamel: ¶0035 user system 400 comprises a personal computer, a mobile device, a tablet computer).

Regarding claim 8: Hamel discloses an authentication method using an authentication server that is connected to a plurality of client devices via a network, and comprises a storage and a processor, the method comprising:
storing, in the storage (Hamel: ¶0033 database system 200 comprises [...] storage 210), a database comprising:
a plurality of pieces of user information (Hamel: ¶0033 user data (e.g., user data stored in user data storage 214) [...] user data storage 214 comprises user data describing users associated with database system 200); and
multiple kinds of a plurality of pieces of credential information (Hamel: ¶0033 credentials (e.g., credentials stored in credential storage 216) [...] credential storage 216 comprises credentials accessed by database system 200); and
upon the processor receiving a first piece of user information from a first client device, determining, by the processor, whether the database contains a first piece of credential information corresponding to the first piece of user information (Hamel: ¶0044 in 1000, a request for credential information associated with user information is received. In 1002, a user associated with the user information is located in a database system. In 1004, a set of credentials associated with the user is determined), and
upon the processor determining that the database contains the first piece of credential information, sending, by the processor to the first client device, the first piece of credential information (Hamel: ¶0044 in 1006, credential information associated with the credentials is determined. In 1008, the credential information is provided).
Hamel does disclose credential information associated with user information provided but does not explicitly disclose credential information for logging into an application or service provided by an external server via each of the client devices and credential information required to allow a user to log into the application or service provided via the first client device.
However, Koya discloses credential information for logging into an application or service provided by an external server via each of the client devices (Koya: ¶0169 the particular access credentials include a userid and password usable to log on to the application service); and
credential information required to allow a user to log into the application or service provided via the first client device (Koya: ¶0166 block 704 may involve transmitting, by the server device and to the requesting device, the endpoint identifier and the particular access credentials. Reception of the endpoint identifier and the particular access credentials may cause the requesting device to remotely access the application service executing on the target computing device. For example, the requesting device may log in to the target computing device by way of the application service).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate teaching of Koya with the system and method of Hamel to include credential information required to allow a user to log into the application or service provided to provide user with a means for remotely accessing multiple computer devices through the use of the appropriate credentials (Koya: ¶0003).

Regarding claim 13: Hamel in view of Koya discloses the authentication method according to claim 8.
Koya further discloses storing, in the storage, a priority level for each of the first pieces of credential information (Koya: ¶0112 any other type of credential, may be stored in a table with additional fields. These additional fields may include [...] a priority of the credential amongst credentials of the same type), and
selecting, by the processor, one or more of the first pieces of credential information based on the priority level, and sends the selected one or more of the first pieces of credential information to the first client device (Koya: ¶0126 if multiple SSH credentials are found and a label is not specified in the request, the SSH credentials with the highest priority may be selected. If a label is specified in the request, the SSH credentials associated with the label and having the highest priority may be selected. As noted above, if multiple credentials with the same priority fit the selection criteria, one of these credentials may be randomly selected).
The motivation is the same that of claim 8 above.

Regarding claim 16: Hamel in view of Koya discloses the authentication method according to claim 8.
Hamel further discloses the client devices include at least one of a security door, a Multifunction Peripheral (MFP), a cellular phone, a personal computer (PC), and Internet of Things (IoT) device (Hamel: ¶0035 user system 400 comprises a personal computer, a mobile device, a tablet computer).

Regarding claim 17: Hamel discloses a non-transitory computer readable medium (CRM) storing computer readable program code that is executed by a computer as an authentication server being connected to a plurality of client devices and comprising a storage and a processor, and causes the computer to execute:
storing, in the storage (Hamel: ¶0033 database system 200 comprises [...] storage 210), a database comprising:
a plurality of pieces of user information (Hamel: ¶0033 user data (e.g., user data stored in user data storage 214) [...] user data storage 214 comprises user data describing users associated with database system 200); and
multiple kinds of a plurality of pieces of credential information (Hamel: ¶0033 credentials (e.g., credentials stored in credential storage 216) [...] credential storage 216 comprises credentials accessed by database system 200);
upon the processor receiving a first piece of user information from a first client device, determining, by the processor, whether the database contains a first piece of credential information corresponding to the first piece of user information (Hamel: ¶0044 in 1000, a request for credential information associated with user information is received. In 1002, a user associated with the user information is located in a database system. In 1004, a set of credentials associated with the user is determined); and
upon the processor determining that the database contains the first piece of credential information, sending, by the processor to the first client device, the first piece of credential information (Hamel: ¶0044 in 1006, credential information associated with the credentials is determined. In 1008, the credential information is provided).
Hamel does disclose credential information associated with user information provided but does not explicitly disclose credential information for logging into an application or service provided by an external server via each of the client devices and credential information required to allow a user to log into the application or service provided via the first client device.
However, Koya discloses credential information for logging into an application or service provided by an external server via each of the client devices (Koya: ¶0169 the particular access credentials include a userid and password usable to log on to the application service); and
credential information required to allow a user to log into the application or service provided via the first client device (Koya: ¶0166 block 704 may involve transmitting, by the server device and to the requesting device, the endpoint identifier and the particular access credentials. Reception of the endpoint identifier and the particular access credentials may cause the requesting device to remotely access the application service executing on the target computing device. For example, the requesting device may log in to the target computing device by way of the application service).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate teaching of Koya with the system and method of Hamel to include credential information required to allow a user to log into the application or service provided to provide user with a means for remotely accessing multiple computer devices through the use of the appropriate credentials (Koya: ¶0003).


Claims 2-3 and 9-11 are rejected under 35 U.S.C. 103 as being unpatentable over Hamel et al. (“Hamel,” US 2019/0306143), published on October 3, 2019, in view of Koya et al. (“Koya,” US 2018/0324159), published on November 8, 2018 and Corella (US 2009/0320107), published on December 24, 2009.

Regarding claim 2: Hamel in view of Koya discloses the authentication server according to claim 1.
Koya further discloses wherein the multiple kinds of the plurality of pieces of credential information include a password, a user ID, certificate information (Koya: ¶0106 credentials may include any type of information needed in order to access the devices. These may include userid/password pairs, certificates).
Hamel in view of Koya does not explicitly disclose pseudo credential information.
However, Corella discloses pseudo credential information (Corella: ¶0051 generates a random session ID [i.e. pseudo credential information]).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate teaching of Corella with the system and method of Hamel and Koya to include pseudo credential information to provide user with a means for providing a method of controlling access to an application (Corella: ¶0008).

Regarding claim 3: Hamel in view of Koya disclose the authentication server according to claim 1.
Hamel in view of Koya does not explicitly disclose wherein upon determining that the database does not contain the first piece of credential information, the processor creates and stores a first piece of pseudo credential information in the database and sends to the first client device the first piece of pseudo credential information required to allow the user to log into the application or service provided via the first client device.
However, Corella discloses wherein upon determining that the database does not contain the first piece of credential information, the processor creates and stores a first piece of pseudo credential information in the database and sends to the first client device the first piece of pseudo credential information required to allow the user to log into the application or service provided via the first client device (Corella: ¶0050 at 220 login module 50 computes the hash of the salt stored in salt field 160 of user record 139 and the password entered by the user in password input 140 of login form 134. At 222, process 200 queries whether the computed hash matches the hash contained in hash field 162 of user record 142; ¶0051 if the answer to the query at 234 is “no”, process 200 proceeds to 236 wherein login module 50 generates a random session ID [i.e. pseudo credential information] and adds a login session record 150 to the table of login session records 148 of the instance database 54, the record containing the session ID in field 174; ¶0052 at 238, a welcome page is downloaded and a cookie containing the session ID as its value is set in the user's browser, such as browser38 of user36. The cookie is returned to Web application 32 by browser 38 with each subsequent HTTP request a request to access the virtual application instance).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate teaching of Corella with the system and method of Hamel and Koya to include creates and stores a first piece of pseudo credential information in the database and sends to the first client device the first piece of pseudo credential information to provide user with a means for providing a method of controlling access to an application (Corella: ¶0008).

Regarding claim 9: Hamel in view of Koya discloses the authentication method according to claim 8.
Koya further discloses wherein the multiple kinds of the plurality of pieces of credential information include a password, a user ID, certificate information (Koya: ¶0106 credentials may include any type of information needed in order to access the devices. These may include userid/password pairs, certificates).
Hamel in view of Koya does not explicitly disclose pseudo credential information.
However, Corella discloses pseudo credential information (Corella: ¶0051 generates a random session ID [i.e. pseudo credential information]).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate teaching of Corella with the system and method of Hamel and Koya to include pseudo credential information to provide user with a means for providing a method of controlling access to an application (Corella: ¶0008).

Regarding claim 10: Hamel in view of Koya discloses the authentication method according to claim 8.
Hamel in view of Koya does not explicitly disclose upon the processor determining that the database does not contain the first piece of credential information, creating and storing, by the processor, a first piece of pseudo credential information in the database, and sending to the first client device the first piece of pseudo credential information required to allow the user to log into the application or service provided via the first client device.
However, Corella discloses upon the processor determining that the database does not contain the first piece of credential information, creating and storing, by the processor, a first piece of pseudo credential information in the database, and sending to the first client device the first piece of pseudo credential information required to allow the user to log into the application or service provided via the first client device (Corella: ¶0050 at 220 login module 50 computes the hash of the salt stored in salt field 160 of user record 139 and the password entered by the user in password input 140 of login form 134. At 222, process 200 queries whether the computed hash matches the hash contained in hash field 162 of user record 142; ¶0051 if the answer to the query at 234 is “no”, process 200 proceeds to 236 wherein login module 50 generates a random session ID [i.e. pseudo credential information] and adds a login session record 150 to the table of login session records 148 of the instance database 54, the record containing the session ID in field 174; ¶0052 at 238, a welcome page is downloaded and a cookie containing the session ID as its value is set in the user's browser, such as browser38 of user36. The cookie is returned to Web application 32 by browser 38 with each subsequent HTTP request a request to access the virtual application instance).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate teaching of Corella with the system and method of Hamel and Koya to include creates and stores a first piece of pseudo credential information in the database and sends to the first client device the first piece of pseudo credential information to provide user with a means for providing a method of controlling access to an application (Corella: ¶0008).

Regarding claim 11: Hamel in view of Koya and Corella discloses the authentication method according to claim 10.
Corella further discloses wherein transmitting, by the first client device, an authentication request with the first piece of credential information or the first piece of pseudo credential information to the external server (Corella: ¶0044 process 200 begins at 202 with a receipt of a login form [i.e. authentication request] submitted by a user, such as login form 134 submitted by user36 [...] login form 134 is an HTML form having three data inputs: an instance name input 136, a User ID input 138, and a password input 139; ¶0045 after filling out login form 134, the login request is transmitted from browser 38 to ASP Web site 32 (e.g., to a server computer)),
authenticating, by the external server, the user of the first client device using the first piece of credential information or the first piece of pseudo credential information (Corella: ¶0052 a request to access the virtual application instance [...] is authenticated by verifying that the session ID contained in the cookie that accompanies the request matches the session ID field 174 of a login session record).
The motivation is the same that of claim 10 above.


Claims 5-6 and 14-15 are rejected under 35 U.S.C. 103 as being unpatentable over Hamel et al. (“Hamel,” US 2019/0306143), published on October 3, 2019, in view of Koya et al. (“Koya,” US 2018/0324159), published on November 8, 2018 and Park (US 2017 /0193723), published on July 6, 2017.

Regarding claim 5: Hamel in view of Koya discloses the authentication server according to claim 1.
Hamel in view of Koya does not explicitly disclose wherein upon receiving necessary credential information from the first client device, the processor searches the database for the first piece of credential information that coincides with the necessary credential information using the first piece of user information as a search key to determine whether the database contains the first piece of credential information.
However, Park discloses wherein upon receiving necessary credential information from the first client device, the processor searches the database for the first piece of credential information that coincides with the necessary credential information using the first piece of user information as a search key to determine whether the database contains the first piece of credential information (Park: ¶0108 an iris recognition module (120) having a system processor (123) for comparing the iris pattern of the user approaching said door-lock with the stored iris pattern and authenticating the user depending on the comparison result [...] the visitor's face  [i.e. credential information] is data compressed by said iris recognition module (120) and transmitted to the network gateway (200) that registers the mobile terminal information [i.e. user information] and allows the communication between said mobile terminal (300) and said digital door lock (100)).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate teaching of Park with the system and method of Hamel and Koya to include searches the database for the first piece of credential information that coincides with the necessary credential information to provide user with a means for authenticating the user based on comparing the stored biometric information with the biometric information inputted by the user (Park: ¶0016).

Regarding claim 6: Hamel in view of Koya discloses the authentication server according to claim 1.
Hamel in view of Koya does not explicitly disclose wherein the storage further stores user attribute information that includes physical feature information and user preference information and the processor sends, to the first client device, the user attribute information that corresponds to the first piece of user information.
However, Park discloses wherein the storage further stores user attribute information that includes physical feature information and user preference information (Park: ¶0013 the iris recognition module comprises a face photographing means to take the face picture of the user approaching the door-lock; ¶0017 the biometric information [i.e. physical feature information] is the characteristic identification information including iris pattern information, finger print information, retina information, and facial information; ¶0108 an iris recognition module (120) having a system processor (123) for comparing the iris pattern [i.e. preference information] of the user approaching said door-lock with the stored iris pattern and authenticating the user depending on the comparison result), and
the processor sends, to the first client device, the user attribute information that corresponds to the first piece of user information (Park: ¶0109 the network gateway (200) registers the information of the mobile terminal that will transmit the visitor's face picture approaching the digital lock (100) [...] said network gateway (200) delivers the visitor's face picture that the digital lock (100) has taken to the mobile terminal (300)).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate teaching of Park with the system and method of Hamel and Koya to include storing, in the storage, user attribute information that includes physical feature information and user preference information to provide user with a means for providing the security system for the additional user authentication (Park: ¶0086).

Regarding claim 14: Hamel in view of Koya discloses the authentication method according to claim 8.
Hamel in view of Koya does not explicitly disclose upon the processor receiving necessary credential information from the first client device, searching, by the processor, the database for the first piece of credential information that coincides with the necessary credential information using the first piece of user information as a search key to determine whether the database contains the first piece of credential information.
However, Park discloses upon the processor receiving necessary credential information from the first client device, searching, by the processor, the database for the first piece of credential information that coincides with the necessary credential information using the first piece of user information as a search key to determine whether the database contains the first piece of credential information (Park: ¶0108 an iris recognition module (120) having a system processor (123) for comparing the iris pattern of the user approaching said door-lock with the stored iris pattern and authenticating the user depending on the comparison result [...] the visitor's face  [i.e. credential information] is data compressed by said iris recognition module (120) and transmitted to the network gateway (200) that registers the mobile terminal information [i.e. user information] and allows the communication between said mobile terminal (300) and said digital door lock (100)).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate teaching of Park with the system and method of Hamel and Koya to include searches the database for the first piece of credential information that coincides with the necessary credential information to provide user with a means for authenticating the user based on comparing the biometric information inputted from the user with the stored biometric information (Park: ¶0053).

Regarding claim 15: Hamel in view of Koya discloses the authentication method according to claim 8.
Hamel in view of Koya does not explicitly disclose further storing, in the storage, user attribute information that includes physical feature information and user preference information, and
sending, to the first client device by the processor, the user attribute information that corresponds to the first piece of user information.
However, Park discloses further storing, in the storage, user attribute information that includes physical feature information and user preference information (Park: ¶0013 the iris recognition module comprises a face photographing means to take the face picture of the user approaching the door-lock; ¶0017 the biometric information [i.e. physical feature information] is the characteristic identification information including iris pattern information, finger print information, retina information, and facial information; ¶0108 an iris recognition module (120) having a system processor (123) for comparing the iris pattern [i.e. preference information] of the user approaching said door-lock with the stored iris pattern and authenticating the user depending on the comparison result), and
sending, to the first client device by the processor, the user attribute information that corresponds to the first piece of user information (Park: ¶0109 the network gateway (200) registers the information of the mobile terminal that will transmit the visitor's face picture approaching the digital lock (100) [...] said network gateway (200) delivers the visitor's face picture that the digital lock (100) has taken to the mobile terminal (300)).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate teaching of Park with the system and method of Hamel and Koya to include storing, in the storage, user attribute information that includes physical feature information and user preference information to provide user with a means for providing the security system for the additional user authentication (Park: ¶0086).

Allowable Subject Matter
Claim 12 is objected to as being dependent upon a rejection base claim, but would be allowable as a whole under prior art if rewritten in independent form including all of the limitations of their base claim and any intervening claims.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Fahimeh Mohammadi whose telephone number is (571)270-7857. The examiner can normally be reached Monday - Friday 9:00 - 5:00.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached on 5712705002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/FAHIMEH MOHAMMADI/ Examiner, Art Unit 2439