DETAILED ACTION

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

EXAMINER'S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.

Authorization for this examiner’s amendment was given in an interview with Sadiq A. Ansari (Reg. No. 64,270) on 01/26/2022.

The application has been amended as follows: 


1.	(Currently amended) A device, comprising:	
a memory storing a plurality of processor-executable instructions; and 
one or more processors configured to execute the processor-executable instructions, wherein executing the processor-executable instructions causes the one or more processors to:
provide a token to a user device based on authenticating the user device;
receive a first request to access a first application, the first request being based on a Lightweight Directory Access Protocol (LDAP) authentication procedure and including the token;
create, based on receiving the first request to access the first application, a set of temporary credentials; 
provide the set of temporary credentials to the user device, wherein the user device provides the set of temporary credentials to one or more devices that implement the first application; 
receive the set of temporary credentials from the one or more devices that implement the first application;
authenticate the first request to access the first application based on the token included in the first request, wherein authenticating the first request further includes verifying that the received set of temporary credentials match the created set of temporary credentials;
identify a first subset of information, out of a set of information associated with the user device, for which the first application is authorized to access;
provide the first subset of information to the authenticated first application;
receive a second request to access a second application, the second request being based on the LDAP authentication procedure and including the token and a second identifier of the second application;
authenticate the second request to access the second application based on the token included in the second request;
identify a second subset of information, out of the set of information associated with the user device, for which the first application is authorized to access; and
provide the second subset of information to the authenticated second application.
2.	(Original) The device of claim 1, wherein the one or more processors are further configured to:
receive correlation information correlating different application identifiers to different subsets of the set of information associated with the user device,
wherein the first request includes an identifier of the first application, wherein identifying that the first application is authorized to access the first subset of information includes identifying that the correlation information correlates the first application identifier to the first subset of information associated with the user device, and
wherein the second request includes an identifier of the second application, wherein identifying that the second application is authorized to access the second subset of information includes identifying that the correlation information correlates the second application identifier to the second subset of information associated with the user device.
3.	(Original) The device of claim 1, wherein providing the first subset of information to the first application includes forgoing providing other information, of the set of information associated with the user device, to the first application.
4.	(Original) The device of claim 1, wherein authenticating the user device is performed based on a particular set of authentication credentials associated with the user device, and wherein authenticating the first and second requests is performed without using the particular set of authentication credentials associated with the user device.
5.	(Canceled herein)
6.	(Canceled herein)
7.	(Currently amended) The device of claim 1, wherein the set of temporary credentials is provided to the user device via a redirect message.
8.	(Currently amended) A method, comprising:	
providing a token to a user device based on authenticating the user device;
receiving a first request to access a first application, the first request being based on a Lightweight Directory Access Protocol (LDAP) authentication procedure and including the token;
creating, based on receiving the first request to access the first application, a set of temporary credentials; 
providing the set of temporary credentials to the user device, wherein the user device provides the set of temporary credentials to one or more devices that implement the first application; 
receiving the set of temporary credentials from the one or more devices that implement the first application;
authenticating the first request to access the first application based on the token included in the first request, wherein authenticating the first request further includes verifying that the received set of temporary credentials match the created set of temporary credentials;
identifying a first subset of information, out of a set of information associated with the user device, for which the first application is authorized to access;
providing the first subset of information to the authenticated first application;
receiving a second request to access a second application, the second request being based on the LDAP authentication procedure and including the token and a second identifier of the second application;
authenticating the second request to access the second application based on the token included in the second request;
identifying a second subset of information, out of the set of information associated with the user device, for which the first application is authorized to access; and
providing the second subset of information to the authenticated second application.
9.	(Original) The method of claim 8, further comprising:
storing correlation information correlating different application identifiers to different subsets of the set of information associated with the user device,
wherein the first request includes an identifier of the first application, wherein identifying that the first application is authorized to access the first subset of information includes identifying that the correlation information correlates the first application identifier to the first subset of information associated with the user device, and
wherein the second request includes an identifier of the second application, wherein identifying that the second application is authorized to access the second subset of information includes identifying that the correlation information correlates the second application identifier to the second subset of information associated with the user device.
10.	(Original) The method of claim 8, wherein providing the first subset of information to the first application includes forgoing providing other information, of the set of information associated with the user device, to the first application.
11.	(Original) The method of claim 8, wherein authenticating the user device is performed based on a particular set of authentication credentials associated with the user device, and wherein authenticating the first and second requests is performed without using the particular set of authentication credentials associated with the user device.
12.	(Canceled herein)
13.	(Canceled herein)
14.	(Currently amended) The method of claim [[13]] 8, wherein the set of temporary credentials is provided to the user device via a redirect message.
15.	(Currently amended) A non-transitory computer-readable medium, storing a plurality of processor-executable instructions to:
provide a token to a user device based on authenticating the user device;
receive a first request to access a first application, the first request being based on a Lightweight Directory Access Protocol (LDAP) authentication procedure and including the token;
create, based on receiving the first request to access the first application, a set of temporary credentials; 
provide the set of temporary credentials to the user device, wherein the user device provides the set of temporary credentials to one or more devices that implement the first application; 
receive the set of temporary credentials from the one or more devices that implement the first application;
authenticate the first request to access the first application based on the token included in the first request, wherein authenticating the first request further includes verifying that the received set of temporary credentials match the created set of temporary credentials;
identify a first subset of information, out of a set of information associated with the user device, for which the first application is authorized to access;
provide the first subset of information to the authenticated first application;
receive a second request to access a second application, the second request being based on the LDAP authentication procedure and including the token and a second identifier of the second application;
authenticate the second request to access the second application based on the token included in the second request;
identify a second subset of information, out of the set of information associated with the user device, for which the first application is authorized to access; and
provide the second subset of information to the authenticated second application.
16.	(Original) The non-transitory computer-readable medium of claim 15, further comprising processor-executable instructions to:
store correlation information correlating different application identifiers to different subsets of the set of information associated with the user device,
wherein the first request includes an identifier of the first application, wherein identifying that the first application is authorized to access the first subset of information includes identifying that the correlation information correlates the first application identifier to the first subset of information associated with the user device, and
wherein the second request includes an identifier of the second application, wherein identifying that the second application is authorized to access the second subset of information includes identifying that the correlation information correlates the second application identifier to the second subset of information associated with the user device.
17.	(Original) The non-transitory computer-readable medium of claim 15, wherein providing the first subset of information to the first application includes forgoing providing other information, of the set of information associated with the user device, to the first application.

19.	(Canceled herein) 
20.	(Canceled herein) 
21.	(New) The non-transitory computer-readable medium of claim 15, wherein the processor-executable instructions further include processor-executable instructions to:
notify the first application that the user device has been authenticated for accessing the first application; and
delete the created set of temporary credentials based on authenticating the first request to access the first application.
22.	(New) The non-transitory computer-readable medium of claim 15, wherein the created set of temporary credentials are a first set of temporary credentials, wherein authenticating the second request is based on using a different second set of temporary credentials.
23.	(New) The device of claim 1, wherein the one or more processors are further configured to:
notify the first application that the user device has been authenticated for accessing the first application; and
delete the created set of temporary credentials based on authenticating the first request to access the first application.
24.	(New) The device of claim 1, wherein the created set of temporary credentials are a first set of temporary credentials, wherein authenticating the second request is based on using a different second set of temporary credentials.
25.	(New) The method of claim 8, further comprising:
notifying the first application that the user device has been authenticated for accessing the first application; and
deleting the set of temporary credentials based on authenticating the first request to access the first application.
26.	(New) The method of claim 8, wherein the created set of temporary credentials are a first set of temporary credentials, wherein authenticating the second request is based on using a different second set of temporary credentials.
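The exchange recited in independent claims 1, 8 and 15, together with the single-use deletion of claims 21, 23 and 25, the per-application credentials of claims 22, 24 and 26, and the per-application subsets of claims 2, 9 and 16, modeled below as an added illustration. This code is not part of the office action, the application or the cited references; the class and function names, the simulated LDAP bind, the application identifiers, the redirect endpoints and the sample user record are all assumptions made for the example.

```python
"""Model of the claimed single sign-on exchange: one LDAP bind issues a token;
each application access request mints a fresh, single-use temporary credential
that the user device relays to the application, which presents it back to the
server; the server matches it, releases only the correlated subset of user
information, and deletes the credential. Names and data are constructed."""
import hashlib
import hmac
import secrets
from typing import Optional

# Constructed directory standing in for the LDAP server: DN -> salted password hash.
_SALT = b"constructed-salt"
_DIRECTORY = {
    "uid=alice,ou=people,dc=example,dc=test":
        hashlib.sha256(_SALT + b"correct horse battery staple").hexdigest(),
}

# Constructed "set of information associated with the user device".
_USER_INFO = {
    "uid=alice,ou=people,dc=example,dc=test": {
        "name": "Alice Example",
        "email": "alice@example.test",
        "employee_id": "E-1001",
        "bank_last4": "4242",
        "home_address": "1 Sample St",  # correlated to no application below
    }
}

# Constructed correlation information (claims 2, 9, 16): app identifier -> attributes it may receive.
_CORRELATION = {
    "app-mail": {"name", "email"},
    "app-payroll": {"name", "employee_id", "bank_last4"},
}

# Constructed redirect targets (the "redirect message" of claims 7 and 14).
_APP_ENDPOINTS = {
    "app-mail": "https://mail.example.test/sso/callback",
    "app-payroll": "https://payroll.example.test/sso/callback",
}


def simulated_ldap_bind(dn: str, password: str) -> bool:
    """Stand-in for an LDAP simple bind: true iff the DN exists and the password matches."""
    stored = _DIRECTORY.get(dn)
    if stored is None:
        return False
    candidate = hashlib.sha256(_SALT + password.encode()).hexdigest()
    return hmac.compare_digest(stored, candidate)


class AuthServer:
    """The claimed 'device': issues the SSO token and per-request temporary credentials."""

    def __init__(self) -> None:
        self._tokens = {}    # token -> user DN
        self._pending = {}   # sha256(temporary credential) -> (token, app_id)

    def authenticate_user_device(self, dn: str, password: str) -> Optional[str]:
        """Bind once against the directory; on success issue a token. The password is never reused."""
        if not simulated_ldap_bind(dn, password):
            return None
        token = secrets.token_urlsafe(32)
        self._tokens[token] = dn
        return token

    def request_access(self, token: str, app_id: str) -> Optional[dict]:
        """Access request: validate the token, mint a credential bound to this app, answer with a redirect."""
        if token not in self._tokens or app_id not in _APP_ENDPOINTS:
            return None
        temp = secrets.token_urlsafe(32)
        self._pending[hashlib.sha256(temp.encode()).hexdigest()] = (token, app_id)
        return {"redirect_to": _APP_ENDPOINTS[app_id], "temporary_credential": temp}

    def verify_from_application(self, app_id: str, temp: str) -> Optional[dict]:
        """The application relays the credential; match it, release the correlated subset, delete it."""
        key = hashlib.sha256(temp.encode()).hexdigest()
        entry = self._pending.get(key)
        if entry is None or entry[1] != app_id:
            return None                    # unknown, already used, or presented by the wrong application
        token, _ = self._pending.pop(key)  # single use: deleted once the request is authenticated
        dn = self._tokens[token]
        allowed = _CORRELATION.get(app_id, set())
        subset = {k: v for k, v in _USER_INFO[dn].items() if k in allowed}
        return {"authenticated": True, "user_info": subset}


def demo() -> dict:
    """Run the two-application flow and return the observable outcomes."""
    server = AuthServer()
    token = server.authenticate_user_device("uid=alice,ou=people,dc=example,dc=test",
                                            "correct horse battery staple")
    first = server.request_access(token, "app-mail")
    mail = server.verify_from_application("app-mail", first["temporary_credential"])
    replay = server.verify_from_application("app-mail", first["temporary_credential"])
    second = server.request_access(token, "app-payroll")
    cross = server.verify_from_application("app-mail", second["temporary_credential"])
    payroll = server.verify_from_application("app-payroll", second["temporary_credential"])
    return {"mail": mail, "replay": replay, "cross": cross, "payroll": payroll,
            "distinct": first["temporary_credential"] != second["temporary_credential"]}
```

Two properties of the claimed scheme are what the model makes checkable: a temporary credential is accepted exactly once and only from the application it was minted for, and an application receives nothing outside its correlated subset, so a compromised application learns neither the user's directory password nor attributes released to other applications.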

Allowable Subject Matter
Claims 1-4, 7-11, 14-18 and 21-26 are allowed.

Reasons for Allowance
Under 37 C.F.R. 1.104(e), it is within the examiner's discretion to evaluate, at the time of allowance, whether the record of the prosecution as a whole makes clear the reasons for allowing a claim or claims and, if not, to set forth such reasons. At this time, the examiner believes that the claims allowed above warrant a separate statement to make the record clearer. The applicant or patent owner may file a statement commenting on the reasons for allowance within such time as may be specified by the examiner.
The following is an examiner’s statement of reasons for allowance:

Claims 1-4, 7-11, 14-18 and 21-26 are allowed by way of this Examiner’s Amendment. 
The closest prior art of record is the following references, cited on PTO-892:
U.S. 10,375,053 B2	"Sridharan et al."
U.S. 2005/0198036	"Nedkov"
Sridharan discloses a cross-platform single sign-on system. When a user first makes use of the system, the user transmits user credentials and the system acts as an intermediary with the cloud productivity application's service provider. Access tokens are exchanged, including a multi-resource refresh token. Although Sridharan teaches several features of the instant application, the reference does not disclose the use of temporary credentials and does not disclose that the system uses the LDAP protocol. The examiner's amendment incorporates these features; for this reason Sridharan is not sufficient to disclose the claimed invention.
Nedkov, cited in the parent application, discloses a system in which a user is permitted to access a public data network via a visited access provider. The visited authentication server supplies the user with the address of a credit provider to establish temporary credentials that can be used with the visited authentication server in lieu of the actual credentials, for enhanced security and to prevent the visited authentication server from having access to those credentials. Although Nedkov discloses temporary credentials similar to those disclosed in the instant application, again there is no mention of the LDAP protocol or the single sign-on tokens discussed in the claimed invention.

Therefore, the prior art of record does not teach or suggest individually or in combination the particular limitations listed below as recited in the current claims:
	“…receive a first request to access a first application, the first request being based on a Lightweight Directory Access Protocol (LDAP) authentication procedure and including the token; create, based on receiving the first request to access the first application, a set of temporary credentials; provide the set of temporary credentials to the user device, wherein the user device provides the set of temporary credentials to one or more devices that implement the first application; receive the set of temporary credentials from the one or more devices that implement the first application; authenticate the first request to access the first application based on the token included in the first request, wherein authenticating the first request further includes verifying that the received set of temporary credentials match the created set of temporary credentials…”
None of the prior art of record, either taken by itself or in any combination, would have anticipated or made obvious the invention of the present application at or before the time it was filed. 
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Alexander Lagor, whose telephone number is (571) 270-5143. The examiner can normally be reached Monday through Friday, 9:00 AM to 5:00 PM (EST).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashokkumar B. Patel can be reached on (571) 272-3972. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/ALEXANDER LAGOR/            Primary Examiner, Art Unit 2491