Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.


Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


Claim(s) 1-20 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Carlson (US Patent Pub. 2014/0143137).


As per claims 1 and 19-20: A system to provide access to a service, comprising (see abstract): 
Paragraph 40; the untrusted device may include a device where a transaction or action may be initiated or completed. For example, an untrusted device may include an ATM device, a point-of-sale (POS) device, a public computer (e.g., a computer at a cybercafe), a security device (e.g., a secure entry point), or any other device that may perform a transaction or requested action that may request secure); and 
a processor coupled to the communication interface and configured to: authenticate a user associated with the request at least in part by prompting the user to use a managed device associated with the user to interact with data displayed at the unmanaged device (Paragraph 32; The trusted intermediary may then provide user credentials (e.g., username, password, etc.) to the secure online host computer and the secure online host computer may authenticate the user and provide access to the secure information if the credentials are authenticated); and 
provide access to the service via the unmanaged device at least in part via a virtual browser instance running on a secure node and configured to access the service on behalf of the user and stream data associated with the service to the unmanaged device (Paragraph 168; provide access to secure information to an untrusted computer. The online website service provider computer 840 may comprise any number of software modules in order to complete the functionality described herein).
As per claim 2: The system of claim 1, wherein the unmanaged device comprises an unmanaged desktop or laptop computer (Paragraph 40; the untrusted device may include a device where a transaction or action may be initiated or completed).
As per claim 3: The system of claim 1, wherein the unmanaged device comprises an untrusted browser (Paragraph 40; the untrusted device may include a device where a transaction or action may be initiated or completed). 
As per claim 4: The system of claim 1, wherein the processor is further configured to determine that the unmanaged device is not managed (Paragraph 40; The untrusted device may be controlled by an untrusted device controller, server computer, authentication device, or other backend system that makes decisions regarding requested transactions or actions at the untrusted device).
As per claim 5: The system of claim 4, wherein the determination that the unmanaged device is not managed is based at least in part on a determination that the request did not arrive via a secure tunnel associated with the managed device (Paragraph 40; The untrusted device may be controlled by an untrusted device controller, server computer, authentication device, or other backend system that makes decisions regarding requested transactions or actions at the untrusted device).
As per claim 6: The system of claim 1, wherein the user is authenticated at least in part by causing a QRC or other optical code to be displayed via the unmanaged device and prompting the user to scan the code using the managed device (Paragraph 43; the pairing identifier may include a series of alphanumeric characters, one or more graphics, a bar code, a QR code, or any other information that may be associated with an untrusted device controller).
As per claim 7: The system of claim 1, wherein access to the service is provided at least in part by auto-posting an authorization token to a virtual browser provider (Paragraph 99; The authentication request may include an identifier for the user operating the trusted device 120 (e.g., username, customer number, registration number, full name, etc.), a trusted device identifier (e.g., phone number, serial number, etc.), authentication credentials (e.g., a password, account authentication token, etc.), or any other information that may be relevant to an authentication process).
As per claim 8: The system of claim 7, wherein the auto-post communication includes context data associated with one or more of the unmanaged device, the user, the service, and the request (Paragraph 99; The authentication request may include an identifier for the user operating the trusted device 120 (e.g., username, customer number, registration number, full name, etc.), a trusted device identifier (e.g., phone number, serial number, etc.), authentication credentials (e.g., a password, account authentication token, etc.), or any other information that may be relevant to an authentication process).
As per claim 9: The system of claim 8, wherein the processor is further configured to receive at least a portion of the context data from the virtual browser instance (Paragraph 99; The authentication request may include an identifier for the user operating the trusted device 120 (e.g., username, customer number, registration number, full name, etc.), a trusted device identifier (e.g., phone number, serial number, etc.), authentication credentials (e.g., a password, account authentication token, etc.), or any other information that may be relevant to an authentication process). 
As per claim 10: The system of claim 1, wherein the processor is further configured to provide to the virtual browser instance a SAML assertion or other credential to access the service on behalf of the user (Paragraph 32; The trusted intermediary may then provide user credentials (e.g., username, password, etc.) to the secure online host computer and the secure online host computer may authenticate the user and provide access to the secure information if the credentials are authenticated).
As per claim 11: The system of claim 1, wherein the processor is further configured to set at the virtual browser instance a user-identifying cookie associated with the request.
As per claim 12: The system of claim 11, wherein the service comprises a first service and the virtual browser instance is configured to use the user-identifying cookie to provide the user with access to a second service via the virtual browser instance.
As per claim 13: The system of claim 1, wherein the processor is further configured to provide to the virtual browser instance a SAML assertion or other credential to access the service on behalf of the user and the virtual browser instance is configured to use the SAML assertion or other credential to access the service on behalf of the user (Paragraph 32; The trusted intermediary may then provide user credentials (e.g., username, password, etc.) to the secure online host computer and the secure online host computer may authenticate the user and provide access to the secure information if the credentials are authenticated).
As per claim 14: The system of claim 1, wherein the virtual browser instance is configured to provide access to the service via remote browser isolation (Paragraph 174; the untrusted browser or access interface operating on the untrusted computer 830 generates a pairing identifier request or secure access request that informs the online account provider computer 840 that secure access log-in mode has been requested).
As per claim 15: The system of claim 1, wherein the virtual browser instance is configured to provide access to the service at least in part by streaming to the unmanaged device HTML or other data comprising data received from the service (Paragraph 40; The untrusted device may be controlled by an untrusted device controller, server computer, authentication device, or other backend system that makes decisions regarding requested transactions or actions at the untrusted device).
As per claim 16: The system of claim 1, wherein the virtual browser instance is configured to provide access to the service at least in part by receiving and processing service-related commands entered by the user at the unmanaged device via a page associated with the service displayed at the unmanaged device (Paragraph 40; The untrusted device may be controlled by an untrusted device controller, server computer, authentication device, or other backend system that makes decisions regarding requested transactions or actions at the untrusted device).
As per claim 17: The system of claim 1, wherein the processor is further configured to filter service-related data received from the service to exclude at least a subset of service-related data from being provided to the unmanaged device (Paragraph 81; Where multiple trusted intermediaries exist in a pairing system, the untrusted device controller 140 may send the pairing identifier to all trusted intermediaries or to a designated trusted intermediary 150 that may be associated with the particular untrusted device 130, region where the untrusted device 130 is located, or through any other method of separating pairing requests from a larger subset of trusted intermediaries).
As per claim 18: The system of claim 1, wherein the processor is further configured to filter service-related data based at least in part on one or more of a policy, a rule, a context data, and a configuration data (Paragraph 121; the contents of the transaction request may depend on the configuration and type of entity being used as the trusted intermediary computer 150).


Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ANTHONY D BROWN whose telephone number is (571)270-1472. The examiner can normally be reached 730-330pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Pwu, can be reached on 571-272-6798. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.






/ANTHONY D BROWN/Primary Examiner, Art Unit 2433