DETAILED ACTION
Office Action Summary
Instant application claims priority to 11/26/2019.
Claims 1-20 are pending in the instant application.
Claims 1-20 are rejected under 35 USC § 102/103.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.

Claims 1-6, 8-13 and 15-19 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Calinov et al. (US Patent No: 7,356,711 B1) hereinafter referred to as Calinov.

As per claims 1, 8 and 15, Calinov teaches … presenting, on the display screen via a web browser, a web page received from a first datacenter associated with a tenant-specific endpoint (TSE) for a software application operating on the client computer system; (Calinov, figure 3, item 28 teaches a browser and column 6, lines 17-35 teaches “The affiliate server 16 first presents the user with a sign-in interface (e.g., "click here to login").”)
receiving, via the input device into the web page presented in the web browser, first authentication information for a user of the client computer system; (Calinov, figure 2, and column 6, lines 17-35 teaches “when the user clicks on the sign-in interface. (See B). In general, the process of authenticating a user begins when the user signs in to a participating site (and has not already been authenticated). Typically, the user first attempts to sign in or access a page. At the affiliate site, the user clicks the sign-in link to begin the authentication process.”)
transmitting the first authentication information to the first datacenter; (Calinov, figure 2, and column 6, lines 17-35 teaches “when the user clicks on the sign-in interface. (See B). In general, the process of authenticating a user begins when the user signs in to a participating site (and has not already been authenticated). Typically, the user first attempts to sign in or access a page. At the affiliate site, the user clicks the sign-in link to begin the authentication process.”)
receiving, from the first datacenter, redirection information for a second datacenter associated with a TSE for the user; (Calinov, figure 2, and column 6, lines 17-35 teaches “The user's request is redirected from the participating site to the sign-in page of authentication server 24.”)
redirecting the web browser to the second datacenter based on the redirection information; (Calinov, figure 2, and column 6, lines 17-35 teaches “The user's request is redirected from the participating site to the sign-in page of authentication server 24.”)
receiving, via the input device via the web browser, second authentication information for the user; (Calinov, figure 2, and column 6, lines 17-35 teaches “The user's request is redirected from the participating site to the sign-in page of authentication server 24. When affiliate server 16 registered to participate in the authentication system, authentication server 24 provided the site with a unique ID and encryption key.”)
transmitting the second authentication information to the second datacenter; (Calinov, figure 2, and column 6, lines 17-35 teaches “The user's request is redirected from the participating site to the sign-in page of authentication server 24.”)
receiving an authentication code from the second datacenter; and (Calinov, figure 2, and column 6, lines 17-35 teaches “The user's request is redirected from the participating site to the sign-in page of authentication server 24. When affiliate server 16 registered to participate in the authentication system, authentication server 24 provided the site with a unique ID and encryption key.” See line F in figure 2)
redirecting the web browser based on the received authentication code. (Calinov, figure 2, and column 6, lines 17-35 teaches “The user's request is redirected from the participating site to the sign-in page of authentication server 24. When affiliate server 16 registered to participate in the authentication system, authentication server 24 provided the site with a unique ID and encryption key.” And line G in figure 2 shows the client directed back to the first site)

As per claims 2, 9 and 16, Calinov teaches … wherein the memory further stores instructions for causing the client computer system to perform operations comprising: presenting, via the display screen of the user interface, a login page including an option to perform an authorization; receiving, via the input device, a selection of the option to perform the authorization; and redirecting the web browser to the first datacenter to receive the web page. (Calinov, figure 2 and 3)

As per claims 3, 10 and 17, Calinov teaches … wherein the first authentication information is a username associated with the user, and the second authentication information is a password associated with the user. (Calinov, figure 2, and column 6, lines 17-35 teaches “The user's request is redirected from the participating site to the sign-in page of authentication server 24. When affiliate server 16 registered to participate in the authentication system, authentication server 24 provided the site with a unique ID and encryption key.”, so the username is sent to first server and ten sent again to second server along with password)

As per claims 4, and 11, Calinov teaches … wherein the authentication token is a self-encoded signed token generated by the TSE associated with the user. (Calinov, figure 4 , item 66, shows a signature and see column 9, lines 21-37)

As per claims 5, 12 and 18, Calinov teaches … wherein the memory further stores instructions for causing the client computer system to perform operations comprising: subsequent to redirecting the web browser to the second data center, presenting a second web page received from second application data center; and receiving the second authentication information via the input device into the second web page. (Calinov, column 6, lines 45-47)

As per claims 6, 13 and 19, Calinov teaches … wherein the software application operating on the client computer system is loaded into the web browser prior to presenting the web page from the first datacenter. (Calinov, figure 2, and column 6, lines 17-35 teaches “The user's request is redirected from the participating site to the sign-in page of authentication server 24. When affiliate server 16 registered to participate in the authentication system, authentication server 24 provided the site with a unique ID and encryption key.”)



Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains.  Patentability shall not be negatived by the manner in which the invention was made.

Claims 7, 14 and 20 rejected under 35 U.S.C. 103 as being unpatentable over Calinov in view of Hotes et al. (US Pre-Grant Publication No: 2010/0242097 A1) hereinafter referred to as Hotes.

As per claims 7, 14 and 20, Calinov does not explicitly teach wherein the redirecting of the web browser to the second data center is performed by the software application via an application program interface (API) call to the web browser.
However, Hotes, [0026], teaches using an API for redirecting to an authentication server.
It would have been obvious to one having ordinary skill in the art, before the effective filing of the claimed invention to modify the invention of Calinov with the method of Hotes this is a well known substitution of one interface for another to yield predicable results.

Other Related Art
Hinton (7478434) teaches “When a user makes a request to access a protected resource identified by a URL, client-side code in a web browser is used to generate an authentication token, which is then sent to the server along with an identity cookie that was set by that server. The authenticated token is then used by the server to authenticate that the request is properly tied to a given identity contained in the identity cookie. If the authentication token can be validated at the server, an access control decision is then executed to determine whether to invoke the request for the protected resource. If the authentication token cannot be validated, an access denied request is returned to the requesting client.”
Bhabbur (9985786) teaches “Provided is a process, including: receiving a request to authenticate a user to access resources from a first computing device; in response to receiving the request, sending, with one or more processors, instructions that cause the first computing device to display a machine readable image, wherein: the machine readable image is configured to, upon being sensed with a camera of a second computing device, cause the second computing device to present, with a display of the second computing device, a user interface with a user-credential input configured based on the machine readable image displayed by the first computing device; receiving from the second computing device, a value demonstrating possession of a user credential and an identifier of the second computing device, the user credential being entered into the second computing device via the user interface configured based on the machine readable image displayed by the first computing device.”
Uhr (11012233) teaches “A method for providing an authentication service by using a decentralized identity (DID) application of a first user device, a mobile device, is provided. The method includes steps of: (a) if a signature verification value is transmitted from a service provider server in response to a DID service requested by a second user device, a DID authentication server transmitting the signature verification value to the DID application so that the DID application transmits a user signature and a user DID to the DID authentication server, and (b) verifying the user signature by using a user public key and transmitting signature verification result information to the service provider server, or transmitting the user signature and the user DID to the service provider server, to allow the service provider server to verify the user signature by using the user public key, to thereby provide the DID service to the second user device.”
Gray (20050229239) teaches “response to the request from the authentication server comprises user data containing the flow data, said client being redirected to the affiliate server based on the user data, and wherein the affiliate server is configured to retrieve the flow data from the user data and to cause a user interface to be rendered at the client in response thereto, said user interface having a hidden form field that includes the flow data.”
Guo (20030217288) teaches “Proceeding to 34 and 36, the affiliate server 16 first presents the user with a sign-in interface (e.g., "click here to login"). The portal service of affiliate server 16 then redirects client computer system 12 to the multi-site user authentication system provided by authentication server 24 (e.g., Microsoft.RTM. Passport sign-in service) when the user clicks on the sign-in interface. (See B). In the example of FIGS. 2 and 3, affiliate server 16 redirects client computer system 12 to login.authsite.com and client computer system 12 follows the redirect command issued by the portal at 36.”

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SIMON P KANAAN whose telephone number is (571)270-3906.  The examiner can normally be reached on M-F (7AM-4PM).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.  

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/SIMON P KANAAN/Primary Examiner, Art Unit 2492