Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Response to Arguments
Applicant’s arguments with respect to claims 1-20 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over MIZRAH (US Pub. No.: US 20110197070 A1) in view of GURIAPPA et al. (Hereinafter referred to as GURIAPPA; US. .

As per claim 1:
Mizrah discloses a computer-implemented method, comprising:
providing a graphical user interface that makes an authentication object available for selection, the graphical user interface including graphical representations of the plurality of authentication objects that are representations of sets of actions for authenticating by corresponding service provider systems, including a graphical representation that represents a set of actions for authenticating an identity by a service provider system (0045-0047: graphical user interface for mutual and out-of-band authentication entry/menu selection, providing server-client authentication option; 0066-0067: authentication token);
receiving user input indicating selection of the authentication object (0075: pre-authentication session); and
in response to the receiving the user input indicating selection of the authentication object, performing the set of actions for authenticating the identity by the service provider system (0076: complete mutual authentication session).

Mizrah does not explicitly disclose the selection of the authentication object is from a plurality of selectable authentication objects and the user input is including a drag and drop operation of a graphical representation of the authentication object into a designated area of the graphical user interface to indicate selection of the authentication object. GURIAPPA, in 
Therefore, it would have been obvious to a person having ordinary skill in the art before the effective filing date of the invention to modify the limitation of selection of an authentication object and the user input disclosed by Mizrah to include the selection of the authentication object is from a plurality of selectable authentication objects and the user input is including a drag and drop operation of a graphical representation of the authentication object into a designated area of the graphical user interface to indicate selection of the authentication object. This modification 

Mizrah in [0045] FIG. 3A discloses a graphical user interface in a desktop or laptop's browser or on a screen supporting a variety of operation modes in client (a user at a client platform)/server mutual authentication system, and particularly, the operation mode menu entry selection process, and the first step of the login (or a credential reset) process at the User Name entry state and a Server Challenge entry state used in one example of an authentication program according to one of the preferred embodiments of the present invention. In [0078], Mizrah discloses that the server prompts the user to enter the user name and a user-manually-created or user-edited one-time authentication challenge to a server. Mizrah further discloses in [0079] that the user enters only the user name; alternatively, the user, along with the user name, also enters a Server Challenge (a session-only random One-Time Authentication Challenge (OTAC)) or a 

Mizrah and GURIAPPA do not explicitly disclose each of the plurality of selectable authentication objects associated with respective different username and password pairs for authenticating with respective different service provider systems. Nguyen, in analogous art however, discloses each of the plurality of selectable authentication objects associated with respective different username and password pairs for authenticating with respective different service provider systems ([0018]: Generating authentication code for web service resources. A service definition and authentication scheme complying with an authentication schema are used to generate authentication code for a RESTful web service resource, where both the service definition and authentication scheme are associated with the web service to which the resource belongs. The service definition and authentication scheme for a web service resource may be implemented and provided by developers of the web service. The service definition and 
Therefore, it would have been obvious to a person having ordinary skill in the art before the effective filing date of the invention to modify the limitation of the plurality of selectable authentication objects disclosed by Mizrah and GURIAPPA to include each of the plurality of selectable authentication objects associated with respective different username and password pairs for authenticating with respective different service provider systems. This modification would have been obvious because a person having ordinary skill in the art would have been motivated by the desire to expand the seamless and integrated authentication object for developers tailoring to a client application for consumption of a variety of web services in addressing the variety of possible authentication mechanisms that may be required from one web service to the next including where a web service requires a customized authentication mechanism that is not widely known or widely used as suggested by Nguyen in (0004-0005).

As per claim 2:
Mizrah discloses obtaining a request to authenticate the identity from a first device (0069-0070: Upon successful server authentication by the user, his/her password is entered to authenticate the user to the server and to complete user/server mutual authentication).

As per claim 3:
Mizrah discloses wherein the graphical user interface that makes the authentication object available for selection is provided on a second device that is separate from the first device (0050; 0087-0088: out-of-band multi-factor authentication token on smart phone as a second channel).

As per claim 4:
Mizrah discloses wherein the user input indicating selection of the authentication object is received from the second device (0066-0067: out-of-band authentication with a software token in a smartphone as a second channel).

As per claim 5:
Mizrah discloses wherein the authentication object encodes: a set of credentials usable to authenticate the identity; and an access policy that specifies a permitted use or a restriction on use of the authentication object (0067; 0146).


As per claim 6:
Mizrah discloses wherein the authentication object is associated with a set of actions for authenticating the identity (0075-0076; 0146).

As per claim 7:
Mizrah discloses wherein performing the set of actions comprises: obtaining an authentication claim generated based at least in part on a request from a first device to authenticate the identity from the first device and a set of credentials encoded in the authentication object selected from a second device; and causing, at least in part by providing the authentication claim to a computing resource service provider system, the authentication claim to be used to authenticate the identity (0070; 0072; 0075).

As per claim 8:
Claim 8 is directed to a system comprising one or more computing devices including one or more processors and memory, the memory including executable instructions executable by the one or more processors. Claim 8 recites substantially similar subject matter to corresponding method claim 1 and is therefore rejected under the same rationale given above for claim 1.

As per claim 9:
Mizrah discloses wherein the authentication object encodes a policy that specifies a type of access associated with the authentication object (0087; 0090).

As per claim 10:
Mizrah discloses wherein the authentication object encodes a set of credentials sufficient to authenticate an identity to a service provider system (0047).

As per claim 11:
Mizrah discloses wherein the executable instructions further cause the system to generate an authentication claim based at least in part on the set of credentials encoded in the authentication object (0045-0046).

As per claim 12:
Mizrah discloses wherein the authentication claim corresponds to a request from a first computing device to authenticate an identity (0050-0051).

As per claim 13:
Mizrah discloses wherein the authentication object usable to authenticate the identity to the service provider system is received from a second computing device that is separate from the first computing device (0066-0067).

As per claim 14:
Claim 14 is directed to a non-transitory computer-readable storage medium having stored thereon executable instructions that, as a result of execution by one or more processors of a first 

As per claim 15:
Mizrah discloses wherein at least a portion of the plurality of graphical representations are associated with a set of actions for authenticating the identity with a service provider (0045-0047: graphical user interface for mutual and out-of-band authentication entry/menu selection, providing server-client authentication option).

As per claim 16:
Mizrah discloses wherein at least a portion of the plurality of graphical representations are associated with a set of policies specifying permitted uses or restrictions associated with the plurality of graphical representations (0076).

As per claim 17:
Mizrah discloses wherein at least a portion of the plurality of graphical representations are associated with a set of credentials usable to authenticate the identity with the service provider (0070; 0072).

As per claim 18:
Mizrah discloses wherein the executable instructions further comprise instructions that cause the first computer system to access the resource of the service provider at least in part by providing the authentication claim to the service provider for authentication (0069-0070).

As per claim 19:
Mizrah discloses wherein the executable instructions further comprise instructions that cause the first computer system to: provide additional authentication information in response to a request by at least displaying an indication of one or more user actions to perform in order to confirm an operation of the second computer system; and obtain an indication that at least one user action of the one or more user actions has been performed (0070; 0072; 0075).

As per claim 20:
Mizrah discloses wherein the executable instructions further comprise instructions that cause the first computer system to determine a state of the second computer system based at least in part on: biometric information obtained using one or more sensors of the second 

BRI (Broadest Reasonable Interpretation)
The above claims under examination have been given their BRI consistent with the applicant’s disclosure, as they would be interpreted by one of ordinary skill in the art at the time of filing the invention. The following claim terms and phrases have been given reasonable BRI considerations in the context of the applicant’s disclosure in order to construe the boundary and scope of the claimed limitations. For example, for the following claim terms and phrases, the examiner recites BRI considerations from the applicant’s disclosure as follows:
[0031] An authentication object is a collection of information sufficient and/or necessary for access to one or more service provider systems. The information for example may comprise credentials usable for access to a service provider system. In one example, an authentication object encodes a username and a password where the username and password are sufficient for access to the service provider system. In this example the username and password may be credentials of a user on behalf of whom the authentication object is presented. In other embodiments an authentication object may encode credentials not of the user, but of the authentication object manager, where one or more processes have been performed to enable the service provider system to associate credentials of the authentication object manager with credentials of a user, thereby enabling the authentication object manager to authenticate on behalf of the user. An authentication object presented to the service provider 
[0051] An authentication object includes one or more credentials sufficient for accessing a system to which the authentication object corresponds. It should be noted that a single authentication object may be usable for authentication with multiple different systems which may be managed and operated by different entities. In some examples, credentials 402 contained within an authentication object 400 include long term alphanumeric credentials 404 corresponding to an identity. Long term alphanumeric credentials may comprise, for example, one or more of a username, password, electronic mail address, PIN, telephone number, physical mailing address, network address, or other identifier or collection of identifiers that collectively uniquely map to an account of a system for which the authentication object 400 is submittable. In some embodiments, instead of a long-term credential being included directly in the authentication object 400, the authentication object 400 includes information generated based at least in part on one or more long term credentials, such as one or more hash values of one or more long term credentials. Thus, regardless of whether the authentication object includes a long term credential or information derived therefrom, the authentication object, in this example, has information based at least in part on the long term credential. Long term credentials and information derived therefrom may, in some embodiments, be included in the same authentication object. For example, an authentication object may include a username and a hash of a password. Credentials 402 of an authentication object 400 may also include biometric credentials 406. instances of information encoding one or more fingerprints, one or more retinal scans, deoxyribonucleic acid (DNA), a human voice, an image of a face, typing cadence and others. Biometric credentials 406 generally may comprise information suitable for use in a biometric authentication system. The information may, for example, be an optical and/or capacitance scan of one or more fingerprints or information obtained by processing a scan of one or more fingerprints. Similarly, an image of a face or information obtained from processing an image of a face may be used. Generally, the type of biometric information and the manner in which it is included in the authentication object may depend on the capabilities of the system to which the authentication object is submittable.
[0052] In an embodiment an authentication object 400 includes one or more short-term credentials 408. A short-term credential may be a credential that, due to a limited lifetime, is required to be presented to an authentication object manager within a limited amount of time before generation of the authentication object 400. Upon selection of a representation of the authentication object 400, for example, an authentication object manager may obtain the one or more short-term credentials 408 for inclusion in the authentication object 400. As discussed above, example short-term credentials include an OTP code obtained from an OTP token such as described above. Example OTP tokens include token devices produced by the EMC Corporation (e.g., RSA SecurID tokens) and tokens produced by Gemalto NV. OTP tokens may also be integrated into a device that provides authentication objects, such as a user computing device and information may be obtained therefrom accordingly. Another example of a short-term credential is a cryptographically verifiable time stamp from a time server. Generally, a short-term credential may be any credential valid for an amount of time determined as short and, as a result, 
[0016] A graphical user interface allows for easy use of access credentials to gain access for which providing valid credentials is a prerequisite. For example, a user may utilize the graphical user interface to log in to a website to gain access to information and/or services of the website, although the techniques of the present disclosure are applicable in other contexts where credentials may be required for access (such as for access to functionality of a user interface usable to control home automation features). In some examples, the graphical user interface provides the user the ability to select a representation of an authentication object from a set of authentication objects and indicate that the selected authentication object is to be used for authentication. A representation of an authentication object may be a graphical element or collection of graphical elements of the graphical user interface that corresponds or collectively correspond to the authentication object. In other words, a representation of an authentication object may represent a set of actions for authenticating an identity. … As an example, a representation of an authentication object may be an icon that visually indicates the authentication object. The representation may, for example, be visually distinguishable from other representations on the graphical user interface. It should be noted that while visual representations on a graphical user interface are used throughout for the purpose of illustration, other representations that invoke human senses in addition to or alternatively to sight are also considered as being within the scope of the present disclosure.

[0035] The authentication object manager allows for user selection of a representation of an authentication object and for indication of the selected authentication object to be used for authentication… A user has selected a representation of an authentication object thereby selecting the corresponding authentication object. In this example, the user may indicate that the selected authentication object corresponding to the selected representation is to be used for authentication by performing a drag and drop operation from an area of the display of the authentication object manager to an area of the web page usable for authentication. The drag and drop operation may be performed, for example, by placing a cursor on the representation holding a mouse button, such as a left mouse button should a mouse device 
[0043; 0058] The service provider 304 may, for instance, provide a website or a backend system supporting a mobile or other application executing on the user device. The identity provider 306 may be a computer system comprising a collection of computing devices collectively configured to manage authentication for a set of service providers including the service provider 304. The identity provider 306 may, for example, be an entity that operates its own services such as social networking services, an electronic commerce website, its own other type of website and/or other services.
Drag and Drop:
[0017]: The graphical user interface may be configured such that a drag and drop operation of the representation of the authentication object into a particular area of the graphical user interface can be used to select the representation and indicate that the authentication object is to be used for authentication.
[0024]: The second device may include a mobile phone with a plurality of cameras, the cameras may capture the user's hand and other information about the environment as the user performs a drag and drop operation on the second device.
[0036]: The drag and drop operation of the representation 118 of the authentication object to the area 116 or authentication causes the browser application 102 to send the corresponding authentication object to the service provider 106.
[0086]: The cameras 832 may then be used to determine location of the user's hand during each drag and drop operation and correlated with the location of the authentication object in order to provide stronger authentication. Furthermore, the drag and drop operation or separate authentication process may require the user to drag the authentication object 818 through a particular pattern on the screen 816 of the mobile device 802.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. See the Notice of References Cited in form PTO-892 for additional prior art.

Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  


Contact Information
Any inquiry concerning this communication or earlier communications from the examiner should be directed to TECHANE GERGISO whose telephone number is (571)272-3784.  The examiner can normally be reached on 9:30am to 6:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, JUNG W KIM can be reached on 5712723804.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished 






/TECHANE GERGISO/Primary Examiner, Art Unit 2494