DETAILED ACTION

Claims 1 – 20 are pending.
Any references to applicant’s specification are made by way of applicant’s U.S. pre-grant printed patent publication.


Claim Rejections - 35 USC § 112

The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

The following is a quotation of the first paragraph of pre-AIA  35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.

Claims 2, 3, 12, and 13 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA  35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention.
Specifically, regarding claims 2 and 12, the recitation of “deferral-enabled web service” was not defined or described within the applicant’s originally filed disclosure.

Depending claims are rejected by virtue of dependency.

The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 2 – 6 and 12 – 16 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.

Regarding claims 2 and 12, the recitation of “deferral-enabled web service” renders the scope of the claims indefinite.  Specifically, this term is not a standard term within the art, and the applicant’s specification fails to define the term.  Thus, the scope of subject matter falling inside or outside the scope of a “deferral-enabled web service” is unclear.   



Depending claims are rejected by virtue of dependency.


Claim Rejections - 35 USC § 102

In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


Claims 1 – 20 are rejected under 35 U.S.C. 102(a)(1) as being clearly anticipated by Hinton et al. (Hinton), US 2008/0134305 A1.

Regarding claim 1, Hinton discloses:
A computer-executed method (e.g. Hinton, Abstract; claim 1) comprising: 
authenticating a client to a first authentication tier of a plurality of authentication tiers for an application (e.g. Hinton, par. 7, 11); 
generating a particular session identifier for the client; maintaining data that associates the particular session identifier with the first authentication tier (e.g. Hinton, fig. 5:504; par. 11, 38, 43, 44); 
wherein each authentication tier, of the plurality of authentication tiers, is associated with one or more respective authentication steps of a plurality of authentication steps (e.g. Hinton, par. 7, 39); 
wherein the application comprises a first page that is associated with the first authentication tier, and a second page that is associated with a second authentication tier of the plurality of authentication tiers (e.g. Hinton, par. 39, 40, 41); 
receiving a first request for the first page (e.g. Hinton, par. 41); 
wherein the first request is associated with the particular session identifier (e.g. Hinton, par. 38, 43); 
as a response to the first request, providing information for the first page to the client based, at least in part, on the particular session identifier being associated with the first authentication tier and the first page being associated with the first authentication tier (e.g. Hinton, par. 43, 44); 
receiving a second request for the second page (e.g. Hinton, par. 44); 
wherein the second request is associated with the particular session identifier (e.g. Hinton, par. 44); 
and in response to receiving the second request: based, at least in part, on (a) the particular session identifier being associated with the first authentication tier and (b) the second page being associated with the second authentication tier, providing, to the client, an authentication challenge associated with the second authentication tier (e.g. Hinton, par. 45, 51, 52-55), 
based on user input to the authentication challenge via the client, authenticating the client to the second authentication tier (e.g. Hinton, par. 57, 58), 
maintaining second data that associates the particular session identifier with the second authentication tier (e.g. Hinton, par. 58),
and as a response to the second request, providing information for the second page to the client based, at least in part, on the particular session identifier being associated with the second authentication tier (e.g. Hinton, par. 59); 
wherein the method is performed by one or more computing devices (e.g. Hinton, fig. 4).

Regarding claim 2, Hinton discloses:
wherein: said receiving the first request comprises a deferral-enabled web service receiving a particular request to serve the first page to the client (e.g. Hinton, fig. 4; par. 46, 47); the method further comprises: 
the deferral-enabled web service sending a third request, to an authentication service, to validate a session identified by the particular session identifier, wherein the third request includes information identifying the first page, and the authentication service determining that the session is valid based, at least in part, on the particular session identifier and the information identifying the first page (e.g. Hinton, fig. 4:418-422; par. 52, 53, 54, 57, 58), as a response to the third request, the authentication service sending, to the deferral-enabled web service, an indication that the session is valid, wherein said providing information for the first page to the client is performed by the deferral-enabled web service in response to receiving the indication that the session is valid (e.g. Hinton, par. 51, 52, 55).

Regarding claim 3, Hinton discloses:
the authentication service maintaining mapping information that maps the first page to the first authentication tier; and the authentication service determining that the session is valid is further based, at least in part, on determining that the particular session identifier is associated with the first authentication tier that is of the same authentication tier as the first authentication tier mapped to the first page in the mapping information (e.g. Hinton, fig. 5:502, 518).

Regarding claim 4, Hinton discloses:
wherein the particular session identifier is a special session identifier, and the method further comprises: generating a normal session identifier for a session identified by the special session identifier; wherein the special session identifier is associated with the normal session identifier (e.g. Hinton, fig. 5:508, 510; par. 38, 44, 60).



Regarding claim 5, Hinton discloses:
wherein the special session identifier is associated with the normal session identifier based on one or more of: said generating the particular session identifier comprising encrypting the normal session identifier to produce the special session identifier; or maintaining mapping data that maps the special session identifier to the normal session identifier (e.g. Hinton, fig. 5:504; par. 60, 64).

Regarding claim 6, Hinton discloses:
receiving, from a second client (e.g. Hinton, par. 26, 36 – second clients), a third request for a third page of the application, wherein the third page is associated with a highest (e.g. Hinton, par. 7, 10) authentication tier of the plurality of authentication tiers; wherein the third request is not associated with a session identifier; authenticating the second client to the highest authentication tier; generating a second normal session identifier; maintaining data indicating that the second normal session identifier is associated with a highest authentication tier; sending the second normal session identifier to the second client (e.g. Hinton, fig. 5:504; par. 11, 38, 39, 40, 41, 43, 44, 51, 52-55, 57, 58, 59 – herein the steps for a first client are repeatable for a second client). 

Regarding claim 7, Hinton discloses:
wherein: said receiving the second request comprises receiving, by a web service, a particular request to serve the second page to the client; the method further comprises, in response to receiving the second request: sending, by the web service, a third request, to an authentication service, to validate a session identified by the particular session identifier, determining, by the authentication service, that the first authentication tier associated with the particular session identifier is lower than the second authentication tier associated with the second page, and based on said determining that the first authentication tier, associated with the particular session identifier, is lower than the second authentication tier associated with the second page, sending, by the authentication service to the web service, an indication that the session is invalid as a response to the third request; and said providing, to the client, the authentication challenge associated with the second authentication tier is based, at least in part, on the indication that the session is invalid (e.g. Hinton, fig. 5:504; par. 11, 38, 39, 40, 41, 43, 44, 51, 52-55, 57, 58, 59 – again, herein the steps for a first client are repeatable for a second client – wherein if an original authentication tier for an original request is lower than a context necessary for a secondary request, the system will require additional authentication before serving the requested webpage). 

Regarding claim 8, Hinton discloses:
wherein said providing, to the client, the authentication challenge associated with the second authentication tier based, at least in part, on the indication that the session is invalid further comprises: redirecting, by the web service, the client to the login page (e.g. Hinton, par. 44-47); sending, by an authentication-page web service for a login page of the application, a fourth request that includes information identifying the login page, to the authentication service, to validate the session identified by the particular session identifier; determining, by the authentication service, that the first authentication tier associated with the particular session identifier is lower than the second authentication tier associated with the second page (e.g. Hinton, 50-53); based on said determining that the first authentication tier associated with the particular session identifier is lower than the second authentication tier associated with the second page and the information identifying the login page, sending, by the authentication service to the authentication-page web service, an indication that the session is valid with a particular status as a response to the third request (e.g. Hinton, 54 – 58); wherein the particular status is associated with one or more authentication steps, of the plurality of authentication steps, required to elevate the first authentication tier associated with the particular session identifier to the second authentication tier associated with the second page; and identifying the authentication challenge, by the authentication-page web service, based, at least in part, on the particular status (e.g. Hinton, fig. 5; par. 63-65).

Regarding claim 9, Hinton discloses:
further comprising: maintaining, by the authentication service, mapping information that maps one or more pages, of the application, to one or more authentication tiers of the plurality of authentication tiers; wherein the second authentication tier is associated with the second page based on one of: the mapping information includes particular information that maps the second page to the second authentication tier, or the mapping information omits any mapping of the second page to an authentication tier (e.g. Hinton, fig. 5:502,518; par. 63-65).

Regarding claim 10, Hinton discloses:
wherein the application comprises a third page that is associated with a third authentication tier of the plurality of authentication tiers, the method further comprising: receiving a third request, associated with the particular session identifier, for the third page; and in response to receiving the third request: based, at least in part, on (a) the particular session identifier being associated with the second authentication tier and (b) the third page being associated with the third authentication tier, providing, to the client, a second authentication challenge associated with the third authentication tier, based on user input to the second authentication challenge via the client, authenticating the client to the third authentication tier, maintaining third data that associates the particular session identifier with the third authentication tier, and as a response to the third request, providing information for the third page to the client based, at least in part, on the particular session identifier being associated with the third authentication tier (e.g. Hinton, fig. 5:504, 518, 520; par. 11, 38, 39, 40, 41, 43, 44, 51, 52-55, 57, 58, 59 – again, herein the steps for receiving any number of requests – i.e. a “first”, “second”, “third”, “fourth”, etc. – is repeatable for any number of a plurality of clients – wherein if an original authentication tier for an original request is lower/higher/valid/invalid than a context necessary for any subsequent request, the system will require additional authentication before serving the requested webpage). 
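
The tiered session flow recited in claims 1, 7, 9 and 10 can be sketched as follows. This is an added illustration, not code from the Office action, the application, or Hinton. The page paths, step names, the fail-closed default for unmapped pages, and the rule that a higher tier satisfies a lower one are assumptions of the example.

```python
import secrets

# Constructed page-to-tier map (hypothetical paths); tiers are ordered integers.
PAGE_TIER = {"/catalog": 1, "/account": 2, "/wire-transfer": 3}
HIGHEST_TIER = max(PAGE_TIER.values())
# Authentication step that lifts a session into each tier (hypothetical names).
TIER_STEP = {1: "password", 2: "otp", 3: "hardware_key"}


class AuthService:
    def __init__(self):
        self._session_tier = {}  # session identifier -> tier reached so far

    def login(self):
        """Called after tier-1 authentication: issue an id bound to tier 1."""
        sid = secrets.token_urlsafe(32)
        self._session_tier[sid] = 1
        return sid

    def required_tier(self, page):
        # Assumption: a page missing from the map needs the highest tier.
        return PAGE_TIER.get(page, HIGHEST_TIER)

    def validate(self, sid, page):
        """Return ("valid", []) or ("invalid", [steps still required])."""
        have = self._session_tier.get(sid, 0)  # unknown id counts as tier 0
        need = self.required_tier(page)
        if have >= need:  # assumption: a higher tier satisfies a lower one
            return "valid", []
        return "invalid", [TIER_STEP[t] for t in range(have + 1, need + 1)]

    def step_up(self, sid, page, completed_steps):
        """Raise the tier bound to the SAME session id after the challenge.

        completed_steps stands for steps already verified elsewhere
        (an assumption; verification itself is outside this sketch).
        """
        status, missing = self.validate(sid, page)
        if status == "valid":
            return True
        if sid not in self._session_tier or list(completed_steps) != missing:
            return False
        self._session_tier[sid] = self.required_tier(page)
        return True
```

The session identifier never changes during step-up; only the tier recorded against it on the server side does, which is why the mapping must live with the authentication service rather than in anything the client can edit.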

	Regarding claims 11 – 20, they are medium and program claims essentially corresponding to claims 1 – 10 above, and they are rejected, at least, for the same .


Conclusion

The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:
See Notice of References Cited.	

Any inquiry concerning this communication or earlier communications from the examiner should be directed to JEFFERY L WILLIAMS whose telephone number is (571)272-7965.  The examiner can normally be reached on 7:30 am - 4:00 pm.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached on 571-272-3739.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.





/JEFFERY L WILLIAMS/Primary Examiner, Art Unit 2495