DETAILED ACTION
The communication received on 1/18/22 has been entered.
The IDS received on 1/10/22 has been entered and the references carefully considered.

Response to Arguments/Amendments

In light of the Amendment and applicant’s arguments, the 35 U.S.C. 101 rejection is withdrawn.
Applicant's arguments towards the art rejection are directed towards the newly amended limitations. These arguments have been considered but are moot in view of the new ground(s) of rejection.
Furthermore, for applicant’s convenience, the examiner includes a plain explanation (using the underlined italic fonts) of the examiner’s interpretation of the cited fragments of Dotan’s teaching.  This explanation should help applicant to map the argued (and not argued) limitations to Dotan’s disclosure.


Claims 1-21 are pending.
The text of those sections of Title 35, U.S. Code not included in this action can be found in a prior Office action.

In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any 


Claim Rejections - 35 USC § 102

Claims 1-2, 13 and 21 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Dotan (USPN 8701174).
An authentication system comprising: a server including at least one server processing device configured to execute an application (as evidenced by protected resource 24 access shown in Fig. 2 and discussed in the associated text); and a desktop virtualization system including at least one virtualization system processing device configured to (the system enabling user device 22 interacting with protected resource 24 as illustrated in Fig. 1 and 2 and discussed in the corresponding text the user able to access resources (e.g. an online banking website) by running a browser application on the virtual desktop rather than on the user’s computer, col. 1 lines 45-56 (thereafter: 1/45-56)): instantiate an access point connection functionality (instantiate an authentication engine service/process to communicate with a user for the purpose of the authentication: the user activates VM client 50 on the end user device 22 which submits a session request to the protected resource.  In response, the protected resource 24 directs the authentication engine 28 to authenticate the user.  If authentication is initially successful, the authentication engine 28 provides permission to the virtual desktop 6/7-17); receive an indication that a user of a client device is authenticated by the access point; in response to receiving the indication that the user of the client device is authenticated, instantiate a virtual desktop; (upon the user’s successful authentication the virtual desktop server creates a virtual desktop: If authentication is initially successful, the authentication engine 28 provides permission to the virtual desktop server 26 to create a virtual desktop 100 and a virtual desktop session with the end user device 22. 
Upon such creation, the user is now able to access the protected resource 24 through the virtual desktop via the browser application 102, 6/7-17); in response to authenticating the user of the client device, place the client device in communication with the virtual desktop through the at least one network (upon the user’s successful authentication the virtual desktop server creates a virtual desktop enabling the user access to protected resources: if the authentication is successful, the authentication engine 28 provides permission to the virtual desktop server 26 to create a virtual desktop and a virtual desktop session with the end user device 22. Upon such creation, the user is now able to access the protected resource 24 through the virtual desktop via the browser application 102, 6/12-17); authenticate the user of the client device, launch a secure browser in the virtual desktop and using the secure browser, place the client device in communication with the server through the at least one network (upon the user’s successful authentication the virtual desktop server creates a virtual desktop enabling, via the browser application within the virtual desktop, the user access to protected resources: if the authentication is successful, the authentication engine 28 provides permission to the virtual desktop server 26 to create a virtual desktop and a virtual desktop session with the end user device 22.  Upon such creation, the user is now able to access the protected resource 24 through the virtual desktop via the browser application 102, 6/12-17; while the virtual desktop 100 is running, the user is able to communicate with the protected resource 24 through the virtual desktop 100.  
For example, the user is able to run a browser application 102 within the virtual desktop 100 as interface to protected resource, 5/59-67 and 6/12-17); wherein the application is configured to perform processing in response to at least one command from the client device sent through the secure browser of the virtual desktop (the user accessing protected resources from the client device via the browser within the virtual desktop: while the virtual desktop 100 is running, the user is able to communicate with the protected resource 24 through the virtual desktop 100.  For example, the user is able to run a browser application 102 within the virtual desktop 100 as interface to protected resource, 5/59-67).
Lastly, note Fig. 2, 3/52-62, 4/58-60, 5/27-45 and claims 10-12, for example, indicating the taught entities including at least one device.

Claim Rejections - 35 USC § 103

Claims 3 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over Dotan (USPN 8701174).
Dotan teaches the at least one client processor is configured to: perform processing associated with authenticating the user and sending the at least one command (e.g. 4/55-60).
Although not expressly cited, Official Notice is taken that preventing processing associated with tasks unrelated to the processing associated with authenticating the user and sending the at least one command would have been old and well known in the art before the effective filing date of the invention (e.g. malware/virus and/or error handling), offering the benefit of increased security.

Claims 4-5, 7-10, 15 and 16-19     4-6, 11-12, 15-17 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Dotan (USPN 8701174) in view of Mozer (USPUB 20020194003) and Grandcolas (USPUB 20070050840).
Dotan teaches the client device supplying credentials to the virtualization system processor for authenticating user, as discussed above.  
Dotan does not, but in the related art, Mozer teaches the client comprising biometric sensor providing additional biometric credentials and the processor determining that the received additional biometric credentials match known credentials of the user (client system 210 includes a biometric input device for gathering biometric data of a user, para 21, client prompts the user for additional biometric data and the server may use the additional biometric data, para 42, server matches received biometric data against data of authorized users, para 32). It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to include Mozer’s teaching in Dotan’s invention in order to increase confidence that the user is an authorized user.
Dotan teaches upon successful authentication of the information received from the client launching the secure browser in the virtual desktop to enable access to resource to utilize a banking application (if authentication successful the user is enabled to access to resources such as a banking website via browser application 102, at least one server processor, 6/7-17, 9/18-19, etc.) but Dotan does not expressly teach receive user authentication information from the secure browser; and prior to performing at least one banking task validating the user authentication information by at least one processor.  However, such solution would have been an obvious variant as illustrated by Grandcolas (the customer at the computing device logs on the financial institution home banking portal server using a browser and selects a sensitive transaction task, such as a wire transfer, is prompted by the server to enter the customer authentication access.  The customer selecting on a financial institution portal a link to a sensitive transaction, an authorization page is displayed that explains the need for an authorization code.  The secret code entered by the customer on the authorization page is compared by the portal with the stored secret code see Fig. 9-10, 16, para 56, 61-62, etc. and one skilled in the art would appreciate that computing devices offer the functionalities using processing devices).  It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to include Grandcolas’ teaching into Dotan’s invention given the predictable benefit of increased security and customization.
Dotan (as modified) teaches receiving the one-time passcode from the client device; and determining that the one-time passcode from the client device matches the one-time passcode (authenticating when received from the client device correct OTP, e.g. 7/7-46) but fails to teach the one-time passcode issued by the authentication service.  However, implementing known solution of the authentication service matching the issued one-time passcode as illustrated by Grandcolas (transaction server generates one-time activation code for delivery to the customer’s email address and determines whether the received one-time code is valid, see para 59-60, for example) offering the predictable benefit of security and customization. 

Conclusion

Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to Peter Poltorak whose telephone number is (571) 272-3840.  The examiner can normally be reached Monday through Thursday from 9:00 a.m. to 5:00 p.m. 
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Pwu can be reached on (571) 272-6798.  The fax phone number for the organization where this application or proceeding is assigned is (571) 273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).

/PIOTR POLTORAK/Primary Examiner, Art Unit 2433