DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 28 January 2022 has been entered.
Response to Amendment
Applicant’s amendment filed 28 January 2022 amends claims 1, 3-5, 7-18, and 21-34. Applicant’s amendment has been fully considered and entered.
Response to Arguments
Applicant argues, “The applied documents, considered alone or in combination, do not disclose or suggest all the feature of the Assignee’s claims, such as, for example, ‘responsive to determining that the program credential is not approved, requesting, from a host operating system, to initiate execution of a new instance of a client program with parameters to receive said authenticated session for said login request,’ as recited in claim 1.” This argument has been fully considered and is persuasive. Therefore, the previous rejections have been withdrawn.
Examiner’s Amendment
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner’s amendment was given in an interview with Jeff D. Limon on 10 February 2022.
The application has been amended as follows: 
Claim 1.  (Currently Amended) A method for mitigating an on-line phishing attack, the method comprising:
electronically receiving a login request initiated from a first client program operating on a first client device; and
initiating an electronic authentication process based, at least in part, on said login request, the electronic authentication process comprising: 
authenticating to a server with a user credential by a second client program operating on a second client device; 
determining, by said second client program, whether a program credential for said first client program is approved to receive an authenticated session; and
responsive to determining that the program credential is not approved, transferring said authenticated session to a new instance of a client program operating on said second client device by requesting, from a host operating system, to initiate execution of [[a]] said new instance of [[a]] said client program with parameters to receive said authenticated session for said login request.

Cancel claim 3.

Claim 11. (Currently Amended) The method of claim 1, and further comprising electronically communicating a service parameter for electronically accessing a protected resource in said new instance of said client program operating on said second client device.

Cancel claim 12.

Claim 13. (Currently Amended) The method of claim 10, wherein,
a protected resource is to be accessed via an electronic transfer of said authenticated session for said login request from said second client device to

Claim 18. (Currently Amended) An apparatus comprising:
a communication interface to communicate with an electronic communications network and one or more processors coupled to a memory and to the communication interface, the communication interface and the one or more processors to:
electronically receive a login request initiated from a first client program to operate on a first client device; and
initiate an electronic authentication process based, at least in part, on said login request, the electronic authentication process comprising: 
authenticating to a server with a user credential by a second client program to operate on a second client device;
determining by said second client program, whether a program credential for said first client program is approved to receive an authenticated session; and
responsive to determining that the program credential is not approved, to transfer said authenticated session into a new instance of a client program operating on said second client device by requesting, from a host operating system, to initiate execution of [[a]] said new instance of [[a]] said client program operating on said second client device with parameters to receive said authenticated session for said login request.

Claim 19. (Currently Amended) The apparatus of claim 18, wherein said login request is to comprise [[a]] said user credential or a part thereof.

Claim 21.  (Currently Amended) The apparatus of claim 18, wherein responsive to determining that said program credential is approved, said one or more processors [[is]] are further to electronically communicate a service parameter, the service parameter being utilized to transfer said authentication session for accessing a protected resource back to said first client program operating on said first client device.

Claim 22. (Currently Amended) The apparatus of claim 18, wherein determination that [[a]] said program credential is not approved, said one or more processors is further to electronically communicate a service parameter to electronically access in said new instance of said client program operating on said second client device

Claim 23. (Currently Amended) The apparatus of claim 18, wherein said second client device is communicatively coupled with said first client device.

Claim 24. (Currently Amended) The apparatus of claim 18, wherein a protected resource is to be accessed via an electronic transfer of said authenticated session for said login request from [[a]] said second client device to [[a]] said first client device.

Claim 26. (Currently Amended) A non-transitory storage medium having instructions executable by a processor to:
electronically receive a login request from initiated from a first client program operating on a first client device; and
initiate an electronic authentication process based, at least in part, on said login request, the electronic authentication process to comprise:
authenticating to a server with a user credential by a second client program operating on a second client device; 
determining, by said second client program, whether a program credential for said first client program is approved to receive an authenticated session; and
responsive to determining that [[the]] said program credential is not approved, transferring said authenticated session to a new instance of a client program operating on said second client device by requesting, from a host operating system, to initiate execution of [[a]] said new instance of [[a]] said client program operating on said second client device with parameters to receive said authenticated session for said login request.

Claim 29. (Currently Amended) The non-transitory storage medium of claim 26, wherein said instructions executable by said processor are further to [[to]] electronically communicate a service parameter, the service parameter being utilized to transfer said authenticated session, for accessing a protected resource, back to said first client program operating on said first client device.

Claim 30. (Currently Amended) The non-transitory storage medium of claim 26, 
responsive to a determination that [[a]] said program credential is not approved, said instructions executable by said processor being further to electronically communicate a service parameter to electronically access a protected resource in said new instance of said client program operating on said second client device 

Claim 31. (Currently Amended) The non-transitory storage medium of claim 26, wherein said second client device is communicatively coupled with said first client device.

Claim 32. (Currently Amended) The non-transitory storage medium of claim 26, wherein a protected resource is to be accessed via an electronic transfer of said authenticated session for said login request from [[a]] said second client device to [[a]] said first client device.

Claim 34. (Currently Amended) An electronic authentication infrastructure, the electronic authentication infrastructure comprising:
at least one client device communicatively coupled to at least one authenticator;
at least one service communicatively coupled to the at least one client device, wherein the at least one service is accessed by the at least one client device, wherein the at least one service is communicatively coupled to said at least one authenticator,
wherein the at least one client device is programmed with instructions to: 
generate a user credential to comprise at least one asymmetric key pair for authentication, wherein the at least one asymmetric key pair further comprises a user credential private key and a user credential public key;
associate the user credential with the at least one service;
wherein the service is programmed with instructions to:
authenticate [[the]] a user by issuing a challenge, wherein the challenge comprises a large random number and additional information provided by the service; and
check that a response to the challenge is a digital signature of the challenge by the user credential private key that is verifiable with the user credential public key;
responsive to a determination that the user is authenticated, to electronically communicate a service parameter, the service parameter being utilized to receive an authenticated session;
determine whether a program credential is approved, wherein

a login request is initiated from a client program operating on a first client device of the at least one client device, and wherein said login request is authenticated via a second client program operating on a second client device of the at least one client device, and 
responsive to a determination that said program credential is not approved, 
transfer said authenticated session to a new instance of a client program on said second client device.

Allowable Subject Matter
Claims 1, 2, 4-11, 13-34 are allowed.
The following is an examiner’s statement of reasons for allowance:
The prior art does not disclose or make obvious the claimed phishing mitigation that requires a login request to be received from a first client program operating on a first client device such that the received login request triggers an authentication process by a second client program operating on a second client program. If the second client program operating on the second client device determines that a program credential for the first client program is not approved, the authentication session is transferred to a new instance of a client program operating on the second client device such that the new instance of the client program receives parameters for the authenticated session for the login request.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BENJAMIN E LANIER whose telephone number is (571)272-3805. The examiner can normally be reached M-Th: 6:20-4:50.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kristine Kincaid, can be reached on 5712724063. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/BENJAMIN E LANIER/          Primary Examiner, Art Unit 2437