DETAILED ACTION
1.	This office action is in response to the communication filed on 03/30/2020.
2.	Claims 1-20 are pending.

Notice of Pre-AIA or AIA Status
3.	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

4.	In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

Allowable Subject Matter
5.	Claim(s) 9-10 and 14-15 is/are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
6.	Claim(s) 19-20 is/are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten or amended to overcome the rejection(s) under 35 U.S.C. 101, set forth in this Office action, and include all of the limitations of the base claim and any intervening claims.  


The present invention is directed toward a method for piggybacking user registration with mirrored identities to achieve federation.  Claim(s) 9-10, 14-15 and 19-20 identify the uniquely distinct features for opening a browser on a graphical user interface of the mobile client or the personal computer; receiving a cookie from the authentication server with the cloud authentication of the user upon authentication of the user; and deleting the cookie with the cloud authentication of the user upon a closing of the browser on the graphical user interface of the mobile client or the personal computer, taken in combination with the remaining limitations of the claim(s) that are not found in and/or are not obvious in view of the closest recorded prior arts.
One of the closest prior art, Shah et al. (WO 2012149384 A1), discloses a method to authenticate a user for single sign on, wherein a user is authenticated using user-assisted authentication and network-assisted authentication. The other closest prior art, Feijoo et al. (US 20190058706 A1), discloses a method to authenticate a user for single sign on using an enterprise identity provider server and a federated identity provider server. However, either singularly or in combination, Shah et al. and/or Feijoo et al. do/does not disclose the above uniquely distinct features taken in combination with the remaining limitations of the claim(s).
Therefore, claim(s) 9-10, 14-15 and 19-20 is/are in condition for allowance.

Claim Objections
8.	Claim(s) 1, 11 and 16 is/are objected to because of the following informalities:  

Appropriate correction(s) is/are required.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


9.	Claim(s) 16-20 is/are rejected under 35 U.S.C. 101 because the claimed inventions are directed to non-statutory subject matter.   
The claimed invention is directed to non-statutory subject matter. The claim(s) does/do not fall within at least one of the four categories of patent eligible subject matter because the claim(s) is/are directed to a system, and the claimed element(s), e.g., computer processor, is/are non-statutory subject matter. The specification (e.g., para. 39, “Processor device (or computer processor) … may be …”) only gives example(s) of a computer processor, and does not limit a computer processor to a hardware device. Therefore, applying the broadest reasonable interpretation, the claim(s) as a whole permits non-statutory embodiment, i.e. software per se.
Amending the limitation “computer processor” to “hardware processor” or amending the claim(s) to comprise a hardware device would overcome the rejection.
Appropriate correction is required.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:



10.	Claim(s) 1-4, 7-8, 11-13 and 16-18 is/are rejected under 35 U.S.C. 103 as being unpatentable over Shah et al. (WO 2012149384 A1) in view of Feijoo et al. (US 20190058706 A1).
Regarding claims 1, 11 and 16:
Shah discloses a method for user registration with mirrored identities to achieve federation without on-premises identities, the method comprising: 
forwarding, from a computer processor, a password-based authentication request for a user to an [active directory] for access to cloud services (see paras. 33-34, 53 where a user uses a wireless transmit/receive unit (WTRU)/user equipment (UE) to access content/services in a network, wherein a WTRU/UE is a computer comprising a processor for executing a software (i.e., computer processor); see paras. 62, 68-70 where a UE provides a password to a SSO subsystem (i.e., active directory) for user-assisted authentication (i.e., password-based authentication) to access services (i.e., cloud services) from a service provider (i.e., active directory)); 
receiving, on the computer processor, a cloud authentication from the [active directory] for the user (see para. 74 where SSO subsystem generates a user-assisted authentication result when the user-assisted authentication is complete, wherein the UE stores the user-assisted authentication result (i.e., the UE receives a user-assisted authentication result (i.e., cloud authentication) from the SSO subsystem)); 
piggybacking, on the computer processor, the cloud authentication for the user from the [active directory] with a FIDO2 registration to an authentication server (see paras. 69, 74 where a user-assisted authentication triggers a network-assisted authentication, wherein a user-assisted authentication result is used in a network-assisted authentication; see para. 87 where a user accesses services through registration to an identity provider (IdP) to obtain authentication from the IdP; see para. 110 where a UE sends a request to an OpenID Identity Provider Server (OP/IdP) (i.e., authentication server) to obtain network-assisted authentication); 
requesting, by the computer processor, an application or service from a cloud provider with the cloud authentication for the user from the FIDO2 registration (see paras. 69, 74 where a user-assisted authentication triggers a network-assisted authentication, wherein a user-assisted authentication result is used in a network-assisted authentication; see paras. 113, 115 where an OP/IdP provides a signed assertion to a UE after a successful network-assisted authentication, wherein the UE accesses a service from a service provider (SP)/relying party (RP) (i.e., cloud provider) by sending the signed assertion received from the OP/IdP to an SP/RP); and 
receiving, on the computer processor, the application or service from the cloud provider (see fig. 8, step 828).
Shah does not, but Feijoo discloses:
active directory (see Feijoo, fig. 7 and paras. 110, where a user device’s user logs into an enterprise network using a password (i.e., password-based authentication request is forwarded from a user device) to access services of an enterprise system, wherein an enterprise identity provider server (i.e., active directory) issues a first 
It would have been obvious to one having ordinary skill in the art to which the claimed invention pertains, before the effective filing date of the claimed invention, to modify Shah's invention by enhancing it for active directory, as taught by Feijoo, in order to extend single-sign-on to relying parties for federated logon providers (Feijoo, abstract).

Regarding claims 2, 12 and 17:
Shah discloses:    
receiving, on the computer processor, a password-less based authentication from the user for cloud services (see para. 62 where a user accesses services from a SP; see fig. 7 and paras. 106-108 where user credential comprising biometric information is provided, by a UE connecting to a biometric unit, to an IdP/OP for network-assisted authentication. In other words, the UE receives user biometric information for providing to an IdP/OP for network-assisted authentication); 
forwarding, from the computer processor, the password-less based authentication from the user to the authentication server for authentication of the user for the cloud services (see fig. 7 and paras. 62, 106-108); and 
receiving, on the computer processor, the cloud authentication from the authentication server of the user for the cloud services (see paras. 69, 74 where a .

Regarding claim 3:
Shah discloses:
receiving, on the computer processor, the password-less based authentication for the user for cloud services via a [SAML] single sign-on (SSO) (see paras. 113, 115 where an OP/IdP provides a signed assertion to a UE after a successful network-assisted/single sign-on (SSO) authentication, wherein the UE accesses a service from a service provider (SP)/relying party (RP) (i.e., cloud provider) by sending the signed assertion received from the OP/IdP to an SP/RP).
Shah does not, but Feijoo discloses:
SAML single sign-on (SSO) (see Feijoo, para. 122, where a federated identity provider server issues a SAML token that enables a user device to have SSO access to services).
It would have been obvious to one having ordinary skill in the art to which the claimed invention pertains, before the effective filing date of the claimed invention, to modify Shah's invention by enhancing it for SAML single sign-on (SSO), as taught by Feijoo, in order to enable a user device to have SSO access to resources and services provided in a third party system (see Feijoo, para. 122). 

Regarding claims 4, 13 and 18:
Shah discloses: wherein the [SAML] single sign-on (SSO) comprises: 
receiving, on the computer processor, user identification captured by a biometric device of the user (see fig. 7 and paras. 106-108 where user credential comprising biometric information is provided, by a UE connecting to a biometric unit (i.e., biometric device), to an IdP/OP (i.e., authentication server) for network-assisted authentication); 
forwarding, by the computer processor, the user identification to the authentication server (see fig. 7 and paras. 106-108); and 
receiving, on the computer processor, the cloud authentication for the user (see paras. 69, 74 where a user-assisted authentication triggers a network-assisted authentication, wherein a user-assisted authentication result is used in a network-assisted authentication; see paras. 113, 115 where an OP/IdP provides a signed assertion to a UE after a successful network-assisted authentication).
Shah does not, but Feijoo discloses:
SAML single sign-on (SSO) (see Feijoo, para. 122, where a federated identity provider server issues a SAML token that enables a user device to have SSO access to services).
It would have been obvious to one having ordinary skill in the art to which the claimed invention pertains, before the effective filing date of the claimed invention, to modify Shah's invention by enhancing it for SAML single sign-on (SSO), as taught by Feijoo. The motivation is the same as presented in claim 3.

Regarding claim 7:
Shah discloses:
wherein the computer processor is part of a mobile client or a personal computer (see paras. 34, 53 where a WTRU/UE is a computer comprising a processor for executing a software), 
provisioning, by the cloud service, the application or service to the mobile client or the personal computer (see fig. 8, step 828).

Regarding claim 8:
Shah discloses:
opening, by the computer processor, a browser on a graphical user interface of the mobile client or the personal computer (see paras. 33-34, 53 where a user uses a wireless transmit/receive unit (WTRU)/user equipment (UE) to access content/services in a network, wherein a WTRU/UE is a computer comprising a processor for executing a software (i.e., computer processor); see para. 70 where a user initiates access to a service through a browser, wherein the user inputs a credential into a user interface); and 
receiving, on the computer processor, a cookie from the authentication server with the cloud authentication of the user upon authentication of the user (see paras. 69, 74 where a user-assisted authentication triggers a network-assisted authentication, wherein a user-assisted authentication result is used in a network-assisted authentication; see paras. 113, 115 where an OP/IdP provides a signed assertion (i.e., cookie) to a UE after a successful network-assisted authentication).

11.	Claim(s) 5 is/are rejected under 35 U.S.C. 103 as being unpatentable over Shah, Feijoo, and further in view of Ziraknejad et al. (US 10701067 B1).
Regarding claim 5:
Shah discloses:
wherein the biometric device is a wearable biometric device configured to measures electrical activity of a heartbeat of the user (see fig. 7 for biometric unit).
Shah does not, but Ziraknejad discloses:
a wearable biometric device configured to measures electrical activity of a heartbeat of the user (see Ziraknejad, col. 11, lines 49-64, where a user is authenticated based on the user’s heartbeat data received from a watch worn by the user).
It would have been obvious to one having ordinary skill in the art to which the claimed invention pertains, before the effective filing date of the claimed invention, to modify Shah-Feijoo's invention by enhancing it for a wearable biometric device configured to measures electrical activity of a heartbeat of the user, as taught by Ziraknejad, in order to authenticate a user using a wearable device (Ziraknejad, abstract).

12.	Claim(s) 6 is/are rejected under 35 U.S.C. 103 as being unpatentable over Shah, Feijoo, and further in view of Minov et al. (US 20150188906 A1).
Regarding claim 6:
Shah as modified does not, but Minov discloses:
hosting, on the authentication server, a plurality of mirrored FIDO2 identities for a plurality of users (see Minov, fig. 1 and para. 16, where an identity provider (i.e., authentication server) stores assertions (i.e. mirrored FIDO2 identities) for users).
It would have been obvious to one having ordinary skill in the art to which the claimed invention pertains, before the effective filing date of the claimed invention, to modify Shah-Feijoo's invention by enhancing it for hosting, on the authentication server, a plurality of mirrored FIDO2 identities for a plurality of users, as taught by Minov, in order to store issued assertions in a user database (Minov, para. 16).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:
Belov et al., US 20200382495 A1, SYSTEMS AND METHODS OF APPLICATION SINGLE SIGN ON.
Bhatt et al., US 20190089702 A1, SYSTEMS AND METHODS FOR MANAGING DIGITAL IDENTITIES ASSOCIATED WITH MOBILE DEVICES.
Innes et al., US 20180007059 A1, Dynamic Access Control To Network Resources Using Federated Full Domain Logon.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HUAN V. DOAN whose telephone number is 571-272-3809. The examiner can normally be reached on Monday – Thursday, 9:00am – 5:00pm EST.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/HUAN V DOAN/Primary Examiner, Art Unit 2437