DETAILED ACTION
This Final Office Action is in response to the amendment filed on 02/03/2022. Claims 1, 7, 11, 17 and 20 have been amended. Claims 1-20 remain pending in the application.

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Drawings
The drawings filed on 08/14/2020 are accepted.

Response to Amendment 
Applicant’s claim amendments have overcome the objection previously set forth in the Non-Final Office Action mailed on 10/05/2021.

Response to Arguments 
Applicant's arguments filed 02/03/2022 have been fully considered but they are not persuasive.
Applicant stated “Applicant respectfully disagrees with the Examiner's allegations and traverses the Examiner's rejections under 35 USC 103. Notwithstanding Applicant's disagreement with the rejections, and solely to expedite prosecution of the present application, Applicant submits amended independent claims 1, 11 and 20, which inter alia, generating credentials based at least in part on ... an entropy target used to generate a sequence of bits in the credentials…”
With respect to the added limitation of generating a sequence of bits in the credentials, examiner submits that generating a sequence of bits in credentials is an inherent feature of generating computer credentials, or any computer information, used in computer systems, as the mere recitation of a sequence of bits does not indicate any special feature associated with the sequence of bits other than the inherent nature of any computer credentials or information used, i.e. the generation of a computer credential, by any means of generation, would result in a computer credential comprising binary bits. Furthermore, Sade explicitly discloses in [0114, 0120] the generation of provisioned credentials and generating binary data to generate credentials, corresponding to a sequence of bits.
Applicant further stated “At page 10 of the Office Action, the Examiner admits that Banerjee in view of Sade and Yang does NOT disclose generating credentials based on entropy target, but alleges that Lew discloses generating credential based on entropy target, as Lew discloses in para. [0030] credential based on random phrase audio recording, and in para. [0036] " ... analyzing an audio recording generated by the client device 110, where the audio recording includes the vocalization of a random phrase previously generated by the online system 150 for the user". The Examiner appears to characterize a random audio clip from Lew as an entropy target. Applicant respectfully disagrees and has clarified in the independent claims that the entropy target is used to generate a sequence of bits in the credentials. With all due respect, para. [0048] of the application as filed provides that, "an entropy target, or complexity or randomness target, may be selected or mandated by the enterprise." Para. [0049] of the application provides that user input can provide additional randomness input into the credential generation process by supplying random data. Lew does not teach or suggest credential generation based on any entropy target. Lew at para. [0030] states that a system 130 sends a query to the client device 110 for authentication information, examples of which include login credentials of the user of the client device 110 OR an audio recording of a random phrase. That is, at least in para. [0030] of Lew, the audio recording of a random phrase IS used as authentication information, and not used to generate login credentials. Authentication is a different process from credential generation. Once credentials are generated, they may be authenticated. Lew is about authentication of user-supplied credentials, as further explained below…There is NO credential generation in Lew based on the audio recording, much less based on an entropy target.
Lew does not teach or suggest using any audio recording to generate a credential comprising a sequence of bits. Moreover, Lew does not disclose generating credentials based at least in part on ...an entropy target used to generate a sequence of bits in the credentials.” 
Examiner respectfully disagrees. Examiner notes that the recitation of “entropy target” lends itself to many interpretations. Furthermore, consistent with the specification of the instant application, examiner interprets/characterizes the “entropy target” as a randomness target, e.g. randomness associated with audio clip, as described in [0048-0049]. In this respect, Lew discloses in e.g. [0030-0040] the generation of a credential in a form of a random phrase to be vocalized by the user in order to authenticate the user.
Examiner respectfully asserts that the stored voiceprint is a form of credential generation and whenever authentication is required, the user vocalizing the randomly generated phrase is also a form of credential generation. Therefore, Lew discloses generating a credential that is based on randomness in the generated phrase, where the random phrase is to be enunciated by the user and then compared with the voiceprint stored at an online system 150. Therefore, the credential disclosed by Lew, which is generated and authenticates the user, is a clip/audio recording of the user vocalizing the random phrase generated by the online service, which is used by the online service to compare the audio/clip with the stored voiceprint, and accordingly judges successful authentication. Therefore, the combination of Sade and Lew discloses the aforementioned argued limitation. Particularly, Sade teaches the generation of credentials based on user identity, where the process of generating credentials is used to generate binary bits, and Lew teaches randomness/entropy target, where the process of the credential generation is used to generate binary bits, i.e. a sequence of bits.
Applicant further stated “Applicant respectfully notes that the present application provides a system for provisioning a set of credentials that are not set by a user and not visible to the user requesting access to a network resource. The provisioning of the credentials includes automatic generation and encryption of credentials. See e.g., para. [0036] of the application as filed. Lew, on the other hand, promotes the opposite by allowing a user to send their own login credentials (see e.g., para. [0030] of Lew) or use his own audio recording for authentication purposes. It is clear that Lew is non-analogous art, and actually teaches away from the present application. All the other generating credentials based at least in part on an entropy target used to generate a sequence of bits in the credentials in the independent claims. Therefore, independent claims 1, 11 and 20 are novel and non-obvious in view of all the cited references, either taken alone or in combination. The dependent claims at least by virtue of being dependent on one of the independent claims, are also novel and non-obvious in view of all the cited references. Withdrawal of all rejections under 35 USC 103 is respectfully requested.”
Examiner respectfully disagrees. Examiner asserts that the above argued claim limitations, as drafted, are devoid of the description above. Particularly, the claim limitation does not explicitly recite that the credential generation is not set by a user and not visible to the user requesting access to a network resource. Therefore, the credential generation, as broadly drafted, can be interpreted to be triggered by a user as recited by Lew, which also reads on the claim limitation in claim 9 of the instant application where the credential generation is based on user input. Examiner further asserts that Lew is analogous art where Lew discloses credential generation initiated by the user as described above, where the user enables the generation of voiceprint for future authentication of the user.
Applicant further stated “Applicant notes that the Examiner has used four different references to reject claim 1, including Lew, which as stated above, is non-analogous and teaches away from the present application. MPEP § 2141.02(VI) states that "[a] prior art reference must be considered in its entirety, i.e., as a whole, including portions that would lead away from the claimed invention." Further, MPEP §2145 
It is impermissible to "read into the prior art the teachings of the invention in issue." Plantronics, Inc. v. Aliph, Inc., 724 F.3d 1343, 1355 (Fed. Cir. 2013) (citing Graham v. John Deere Co. of Kan. City, 383 U.S. 1, 36 (1966)). "What matters is the path that the person of ordinary skill in the art would have followed, as evidenced by the pertinent prior art." Otsuka Pharm. Co. v. Sandoz, Inc., 678 F.3d 1280, 1296 (Fed. Cir. 2012); MPEP § 2142. Hindsight is present when there is "no finding as to the specific understanding or principle ... that would have motivated one with no knowledge of [the Applicant's] invention to make the combination in the manner claimed." In re Kotzab, 217 F.3d 1365, 1371 (Fed. Cir. 2000). "Knowledge of applicant's disclosure must be put aside in reaching this determination [of obviousness] ... [T]he legal conclusion must be reached on the basis of the facts gleaned from the prior art." MPEP § 2142.
Applicant further submits that it would be unreasonable to presume that a person of ordinary skill would know of or even be motivated to combine Lew with the other references to arrive at the claims as presented in this application. Non-analogous art, such as Lew, does not qualify as prior art under 35 U.S.C. § 103, and cannot support an obviousness rejection.”
Examiner respectfully disagrees. As described above, the teaching of Lew discloses the randomly generated phrase that is utilized as a form of a credential for authenticating a user, where the user vocalizes the phrase in order to be authenticated.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:

2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 1-2, 5-7, 9-12, 15-17 and 19-20 are rejected under 35 U.S.C. 103 as being unpatentable over Banerjee (US 20160212132 A1), hereinafter Banerjee in view of Sade et. al. (US 20160006712 A1), hereinafter Sade, Yang et. al. (US 20180176771 A1), hereinafter Yang and further in view of Lew (US 20190238535 A1), hereinafter Lew.

	Regarding claim 1 (Currently Amended), Banerjee teaches a computer-implemented method for provisioning credentials (Banerjee discloses in the abstract technique of accessing resources by provisioning credentials indirectly), the method comprising: 
automatically detecting an attempt by a user to access an external network resource (Banerjee discloses when the end user enters  a URL, e.g. www.facebook.com, the browser extension executing on the web browser detects that the user is attempting to access the URL, [0081] “Initially, at step 1, the end user attempts to access the resource. For example, the end user may open a web browser and enter the URL www.Facebook.com to access the user's Facebook.TM. account. At step 2, the browser extension executing on the web browser detects that Facebook.TM. is a privileged resource.”); 
determining whether the resource requires credentials for access (Banerjee [0081] “The browser extension can detect that the resource is a privileged resource by, for example, looking up a hash value stored inside the browser locally. At step 3, the browser extension responsively generates and sends a protected resource access request to the credential management and secure information (ZPL) platform 540.”, where privileged resource requires credentials and user identity  verifications performed by ZPL application running in user mobile device 512 in Figure 5, as disclosed in [0084], [0085] “At step 10, the credential management and secure information (ZPL) platform 540 provides the credentials to the access system 510 and, more particularly, the browser extension operating with a web browser on the access system 510.”); 
determining whether credentials have been previously generated for the user and the resource (Banerjee discloses in order for accessing privileged/protected resource, determine the stored credentials associated with the accessing user, [0084] “the credential management and secure information (ZPL) platform 540 accesses the credentials from the data store 541…the credentials might need to be decrypted at the credential management and secure information (ZPL) platform 540 and/or the access system 510.”, where the credentials of the accessing user is associated with secure information the accessing user is provisioned to use and further associated with which resources to be accessed as disclosed in [0052], where the user credentials stored during the registration process as disclosed in [0021]); 
Banerjee discloses the above limitations, and further discloses encrypted credentials. Banerjee, however, does not disclose the below limitations.
Sade discloses when the resource requires credentials for access and credentials have not previously been generated (Sade disclose [0030] “…determining, in response to the request, the existence or absence of provisioned credentials for the user client for the target service, and [0031] “i) when the provisioned credentials are absent”, [0182] “…determining if the provisioned credentials are already present. If not, new provisioned credentials are created in response to the request”, where the target service correspond to external/remote/cloud resources over communication network as disclosed in [0143], [0209] “Provisioning system 500 uses provisioned credentials to enable the user client access to the target service, by retrieving existing provisioned credentials or creating new provisioned credentials.”): 
generating credentials based at least in part on  [and an entropy target] used to generate a sequence of bits in the credentials (Sade discloses [0031] “i) when the provisioned credentials are absent, creating new provisioned credentials for the user client”, [0056] “the credential generation module performs…registering the provisioned credentials with a user directory accessed by the target service to validate the provisioned credentials”, [0112] “…before the provisioned credentials are created it is first determined whether the user client is authorized to establish a session with the requested target service. Provisioned credentials are created only for authorized user clients.”, [0113] “provisioned credentials are created as follows: [0114] 1) Credentials including the required fields are generated (e.g. by creating strings, binary data and/or other credential data). The generated credentials may include an account name and a password”,
 [0135] “…provisioning system 500 has access to a user directory which holds user accounts. The user account stores the respective authentication and/or provisioned credentials and may also define which resources the respective user is entitled to use, so that provisioning system 500 may issue provisioned credentials only to entitled users. A user account may be created for any type of user, including human users and/or applications and/or groups of users.”, [0176] “…the provisioned credentials are based on the user entitlements which are optionally determined from the authentication credentials”,
[0120] 1) The provisioned credentials (e.g. strings, binary data and/or other credential data) are generated,
where the credential is generated with binary data, i.e. a sequence of bits.); 
storing the [encrypted] credentials in a memory (Sade [0114] “…the credential data is stored in a repository (e.g. local storage on the intermediate element, PAMS, target service or other locations).”, [0184] “Storing provisioned credentials for the respective user in a user directory connected to the communication network”, [0221] “…the privileged credentials are stored in a memory within or accessible to provisioning system 500.”, [0228] “…the user directory is accessible by the target service and validates provisioned credentials to the target service.”).  
[0245] “the communication protocol is a Web pages protocol, and the provisioning system provisions the provisioned credentials by automatically filling in fields in web forms and other HTML elements.”
[0265] “The provisioning system may generate provisioned credentials internally (e.g. random credentials) and/or store provisioned credentials in an internal directory.”
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Banerjee to incorporate the teaching of Sade to utilize the above feature, with the motivation of instantaneously activating and creating credentials provisioning process to users, as recognized by (Sade [0007, 0015, 0245]).
Banerjee in view of Sade do not disclose the below limitations. Emphasis in Italic.
Yang  discloses requesting, over a network, a public cryptographic key from a key server; receiving, over the network, the public cryptographic key from the key server; encrypting the credentials using the public cryptographic key (Yang discloses sending a request to network device, corresponding to a key server, to establish wireless connection 231 and subsequent to the request and the established wireless connection, a public key is received to encrypt credentials, [0082] “Wireless communication unit 330 is configured to send a wireless connection request to the network device, the network device being associated with a network device identifier, the connection request comprising the network device identifier, and establishing a first wireless connection 231 with the network device. Connection request follows the same wireless protocol for which wireless communication device 230 is configured, e.g., Wi-Fi.”, [0083] “Provisioning unit 320 is configured to receive the public key from the network device over the established first wireless connection 231, to encrypt the credentials through the public key”); and 
storing the encrypted credentials in a memory (Yang discloses in [0008, 0068-0069] that encryptions are communicated between devices only in encrypted form, indicating that the encrypted credentials are stored before communication, [0092] further discloses that encrypted credentials are only transmitted after receiving verifications, indicating storing encrypted credentials until verification is received from recipient device).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Banerjee in view of Sade to incorporate the teaching of Yang to utilize the above feature, with the motivation of impeding credentials attacks, as recognized by (Yang [0008]).
Banerjee in view of Sade and Yang disclose the aforementioned limitations, where Sade discloses in [0112-0113, 0176] the credential provisioning generation/creation for accessing resources, where the provisioned credentials are generated based on the identity of the user(s) and their entitlement, i.e. whether the user(s) are authorized. Sade further discloses the provisioned credentials may include binary data strings and other credential data, and further discloses in [0226] that the provisioned credentials may be randomly generated credentials. Although the concept of generating credentials based on entropy target is vaguely defined in the claim, Banerjee in view of Sade and Yang does not disclose generating credentials based on entropy target.
Lew discloses generating credential based on entropy target (Lew discloses in [0030] credential based on random phrase audio recording, [0036] “…analyzing an audio recording generated by the client device 110, where the audio recording includes the vocalization of a random phrase previously generated by the online system 150 for the user.”,
Consistent with the description of entropy target/source recited in [0049] of the instant application as random data of audio clips).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Banerjee in view of Sade and Yang to incorporate the teaching of Lew to utilize the above feature, with the motivation of authenticating users with higher confidence and with less cumbersome authentication experience for the user as recognized by (Lew [0011]).

Regarding claim 2 (Original), Banerjee in view of Sade, Yang and Lew teaches the computer-implemented method of claim 1, 
Banerjee does not teach the below limitation.
Yang teaches further comprising: identifying a private cryptographic key corresponding to the public cryptographic key; decrypting the encrypted credentials (Yang discloses [0068] “Key memory 212 stores a cryptographic public key and a corresponding private key. The public and private keys are suitable for so-called asymmetric cryptography.”, [0079] “…receive encrypted credentials wirelessly from configurator device 300 over first wireless connection 231; and to decrypt the encrypted credentials through the private key from key memory 212 to obtain the credentials”, further discloses in [0083-0084] encrypting credential with public key and subsequently decrypting the credential using the corresponding private key).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Banerjee to incorporate the teaching of Yang to utilize the above feature, with the motivation of impeding credentials attacks, as recognized by (Yang [0008]).
Banerjee in view of Yang and Lew discloses the above limitations. Yang further discloses using the decrypted credential to connect to an access point as disclosed in [0144], however, Banerjee in view of Yang and Lew do not explicitly disclose inserting the decrypted credentials in a web form to access the resource. Emphasis in Italic.
Sade discloses inserting the decrypted credentials in a web form to access the resource (Sade discloses in [0245] “provisioning system provisions the provisioned credentials by automatically filling in fields in web forms”, to access target service, where the target service corresponds to external/remote/cloud resources over communication network as disclosed in [0143], [0209] “Provisioning system 500 uses provisioned credentials to enable the user client access to the target service).
 to incorporate the teaching of Sade to utilize the above feature, with the motivation of instantaneously activating and creating credentials provisioning process to users, as recognized by (Sade [0007, 0015, 0245]).

Claim 12 (Original) is directed to a system, associated with the method claimed in claim 2. Claim 12 is similar in scope to claim 2, and is therefore rejected with the same rationale and motivation as claim 2. 

Regarding claim 5 (Original), Banerjee in view of Sade, Yang and Lew teaches the computer-implemented method of claim 1, wherein the automatically detecting the attempt comprises automatically detecting a universal resource locator (URL) of the resource (Banerjee [0081]  “Initially, at step 1, the end user attempts to access the resource. For example, the end user may open a web browser and enter the URL www.Facebook.com to access the user's Facebook.TM. account. At step 2, the browser extension executing on the web browser detects that Facebook.TM. is a privileged resource.” ).

Claim 15 (Original) is directed to a system, associated with the method claimed in claim 5. Claim 15 is similar in scope to claim 5, and is therefore rejected with the same rationale and motivation as claim 5. 
  
Regarding claim 6 (Original), Banerjee in view of Sade, Yang and Lew teaches the computer-implemented method of claim 1, wherein the determining whether the resource requires credentials for access comprises determining whether the resource is identified in a catalogue (Banerjee [0081] “The browser extension can detect that the resource is a privileged resource by, for example, looking up a hash value stored inside the browser locally.”, where the process of looking up a stored hash value indicates a table/catalogue storing hash values).

Claim 16 (Original) is directed to a system, associated with the method claimed in claim 6. Claim 16 is similar in scope to claim 6, and is therefore rejected with the same rationale and motivation as claim 6. 
  
Regarding claim 7 (Currently Amended), Banerjee in view of Sade, Yang and Lew teaches the computer-implemented method of claim 1, wherein the determining whether credentials have been previously generated for the user and the resource comprises determining whether credentials for the user and the resource are present in [[the]] a database (Banerjee discloses in order for accessing privileged/protected resource, determine the stored credentials associated with the accessing user, [0084] “…the credential management and secure information (ZPL) platform 540 accesses the credentials from the data store 541. In some embodiments, the credentials might need to be decrypted at the credential management and secure information (ZPL) platform 540 and/or the access system 510.”, where the credentials of the accessing user is associated with secure information the accessing user is provisioned to use and further associated with which resources to be accessed as disclosed in [0052, 0081]).  

Claim 17 (Currently Amended) is directed to a system, associated with the method claimed in claim 7. Claim 17 is similar in scope to claim 7, and is therefore rejected with the same rationale and motivation as claim 7. 

Regarding claim 9 (Original), Banerjee in view of Sade, Yang and Lew teaches the computer-implemented method of claim 1, wherein the credentials are generated based at least in part on user input from the user (Banerjee discloses in [0021] generating credential during registration based on input from the user, e.g. user password, user biometric information).

Claim 19 (Original) is directed to a system, associated with the method claimed in claim 9. Claim 19 is similar in scope to claim 9, and is therefore rejected with the same rationale and motivation as claim 9. 
  
Regarding claim 10 (Original), Banerjee in view of Sade, Yang and Lew teaches the computer-implemented method of claim 1, 
Banerjee does not disclose the below limitation.
Sade discloses wherein the credentials are generated based at least in part on user input from an administrator (Sade [0009] “provisioning user 100 manually on the target service by an administrator 110. The administrator connects to the target service (with credential set A) and creates provisioned credentials (set B)”, Sade further discloses the use of the system administrator providing user credentials in [0158] “The authentication credentials may be provided to the user client by any means known in the art (e.g. by a system administrator, by a user, by another system element, etc.).”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Banerjee to incorporate the teaching of Sade to utilize the above feature, with the motivation of instantaneously activating and creating credentials provisioning process to users, as recognized by (Sade [0007, 0015, 0245]) and providing/generating credentials by one of finite means, e.g.  system administrator, by a user, by another system element as disclosed by (Sade [0158])

Regarding claim 11 (Currently Amended), Banerjee teaches a computer system (Banerjee discloses in the abstract Systems and technique of accessing resources by provisioning credentials indirectly) comprising: a processor; a memory in communication with the processor, the memory storing instructions that, when executed by the processor cause the processor to (Banerjee [0017] “The techniques introduced herein can be embodied as special-purpose hardware (e.g., circuitry), as programmable circuitry appropriately programmed with software and/or firmware, or as a combination of special-purpose and programmable circuitry. Hence, embodiments may include a machine-readable medium having stored thereon instructions which may be used to program a computer (or other electronic devices) to perform a process…”, [0098] “FIG. 7, processing system 702 may comprise a micro-processor and other circuitry that retrieves and executes software 705 from storage system 703. Processing system 702 may be implemented within a single processing device”): 
automatically detect an attempt by a user to access an external network resource (Banerjee discloses when the end user enters  a URL, e.g. www.facebook.com, the browser extension executing on the web browser detects that the user is attempting to access the URL, [0081]  “Initially, at step 1, the end user attempts to access the resource. For example, the end user may open a web browser and enter the URL www.Facebook.com to access the user's Facebook.TM. account. At step 2, the browser extension executing on the web browser detects that Facebook.TM. is a privileged resource.”); 
determine whether the resource requires credentials for access (Banerjee [0081] “The browser extension can detect that the resource is a privileged resource by, for example, looking up a hash value stored inside the browser locally. At step 3, the browser extension responsively generates and sends a protected resource access request to the credential management and secure information (ZPL) platform 540.”, where privileged resource requires credentials and user identity verifications performed by ZPL application running in user mobile device 512 in Figure 5, as disclosed in [0084], [0085] “At step 10, the credential management and secure information (ZPL) platform 540 provides the credentials to the access system 510 and, more particularly, the browser extension operating with a web browser on the access system 510.”); 
(Banerjee discloses in order for accessing privileged/protected resource, determine the stored credentials associated with the accessing user, [0084] “the credential management and secure information (ZPL) platform 540 accesses the credentials from the data store 541...the credentials might need to be decrypted at the credential management and secure information (ZPL) platform 540 and/or the access system 510.”, where the credentials of the accessing user is associated with secure information the accessing user is provisioned to use and further associated with which resources to be accessed as disclosed in [0052], where the user credentials stored during the registration process as disclosed in [0021]); 
Banerjee does not disclose the below limitation.
Sade discloses when the resource requires credentials for access and credentials have not previously been generated (Sade disclose [0030] “…determining, in response to the request, the existence or absence of provisioned credentials for the user client for the target service, and [0031] “i) when the provisioned credentials are absent”, [0182] “…determining if the provisioned credentials are already present. If not, new provisioned credentials are created in response to the request”, where the target service correspond to external/remote/cloud resources over communication network as disclosed in [0143], [0209] “Provisioning system 500 uses provisioned credentials to enable the user client access to the target service, by retrieving existing provisioned credentials or creating new provisioned credentials.”): 
[and an entropy target] used to generate a sequence of bits in the credentials (Sade discloses [0031] “i) when the provisioned credentials are absent, creating new provisioned credentials for the user client”, [0056] “the credential generation module performs…registering the provisioned credentials with a user directory accessed by the target service to validate the provisioned credentials”, [0112] “…before the provisioned credentials are created it is first determined whether the user client is authorized to establish a session with the requested target service. Provisioned credentials are created only for authorized user clients.”, [0113] “provisioned credentials are created as follows: [0114] 1) Credentials including the required fields are generated (e.g. by creating strings, binary data and/or other credential data). The generated credentials may include an account name and a password”,
 [0135] “…provisioning system 500 has access to a user directory which holds user accounts. The user account stores the respective authentication and/or provisioned credentials and may also define which resources the respective user is entitled to use, so that provisioning system 500 may issue provisioned credentials only to entitled users. A user account may be created for any type of user, including human users and/or applications and/or groups of users.”, [0176] “…the provisioned credentials are based on the user entitlements which are optionally determined from the authentication credentials”,
[0120] 1) The provisioned credentials (e.g. strings, binary data and/or other credential data) are generated, where the credential is generated with binary data, i.e. sequence of bits); 
[request, over a network, a public cryptographic key from a key server; receive, over the network, the public cryptographic key from the key server; encrypt the credentials using the public cryptographic key; and] 
store the [encrypted] credentials in the memory (Sade [0114] “…the credential data is stored in a repository (e.g. local storage on the intermediate element, PAMS, target service or other locations).”, [0184] “Storing provisioned credentials for the respective user in a user directory connected to the communication network”, [0221] “…the privileged credentials are stored in a memory within or accessible to provisioning system 500.”, [0228] “…the user directory is accessible by the target service and validates provisioned credentials to the target service.”).  
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Banerjee to incorporate the teaching of Sade to utilize the above feature, with the motivation of instantaneously activating and creating credentials provisioning process to users, as recognized by (Sade [0007, 0015, 0245]).
Banerjee in view of Sade do not disclose the below limitations. Emphasis in Italic.
Yang  discloses requesting, over a network, a public cryptographic key from a key server; receiving, over the network, the public cryptographic key from the key server; encrypting the credentials using the public cryptographic key (Yang discloses sending a request to network device, to establish wireless connection 231 and subsequent to the request and the established wireless connection, a public key is received to encrypt credentials, [0082] “Wireless communication unit 330 is configured to send a wireless connection request to the network device, the network device being associated with a network device identifier, the connection request comprising the network device identifier, and establishing a first wireless connection 231 with the network device. Connection request follows the same wireless protocol for which wireless communication device 230 is configured, e.g., Wi-Fi.”, [0083] “Provisioning unit 320 is configured to receive the public key from the network device over the established first wireless connection 231, to encrypt the credentials through the public key”); and 
storing the encrypted credentials in the memory (Yang discloses in [0008, 0068-0069] that encryptions are communicated between devices only in encrypted form, indicating that the encrypted credentials are stored before communication, [0092] further discloses that encrypted credentials only transmitted after receiving verifications indicating storing encrypted credentials until verification is received from recipient device).  
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Banerjee in view of Sade to incorporate the teaching of Yang to utilize the above feature, with the motivation of impeding credentials attacks, as recognized by (Yang [0008]).
Banerjee in view of Sade and Yang disclose the aforementioned limitations, where Sade discloses in [0112-0113, 0176] the credential provisioning the identity of the user(s) and their entitlement, i.e. whether the user(s) are authorized, Sade further disclose the provisioned credentials may include password, user account name, binary data and other credential data, and further discloses in [0226] that the provisioned credentials may be randomly generated credentials. While the concept of generating credentials based on entropy target is vaguely defined in the claim, however, Banerjee in view of Sade and Yang does not disclose generating credentials based on entropy target.
Lew discloses generating credential based on entropy target (Lew discloses in [0030] credential based on random phrase audio recording, [0036] “…analyzing an audio recording generated by the client device 110, where the audio recording includes the vocalization of a random phrase previously generated by the online system 150 for the user.”,
Consistent with the description of entropy target/source recited in [0049] of the instant application as random data of audio clips).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Banerjee in view of Sade and Yang to incorporate the teaching of Lew to utilize the above feature, with the motivation of authenticating users with higher confidence and with less cumbersome authentication experience for the user as recognized by (Lew [0011]).

Regarding claim 20 (Currently Amended), Banerjee teaches a non-transitory computer readable medium comprising a computer readable memory storing computer (Banerjee [0017] “The techniques introduced herein can be embodied as special-purpose hardware (e.g., circuitry), as programmable circuitry appropriately programmed with software and/or firmware, or as a combination of special-purpose and programmable circuitry. Hence, embodiments may include a machine-readable medium having stored thereon instructions which may be used to program a computer (or other electronic devices) to perform a process…”, [0098] “FIG. 7, processing system 702 may comprise a micro-processor and other circuitry that retrieves and executes software 705 from storage system 703. Processing system 702 may be implemented within a single processing device”).
Claim 20 further recites performing the method of claim 1. All rationales and motivations applied to claim 1 are also applied to claim 20.

Claims 3 and 13 are rejected under 35 U.S.C. 103 as being unpatentable over Banerjee (US 20160212132 A1), hereinafter Banerjee in view of Sade et. al. (US 20160006712 A1), hereinafter Sade, Yang et. al. (US 20180176771 A1), hereinafter Yang, Lew (US 20190238535 A1), hereinafter Lew and further in view of Pritchard (US 20110277019 A1), hereinafter Pritchard.
Regarding claim 3 (Original), Banerjee in view of Sade, Yang and Lew teaches the computer-implemented method of claim 2, 
Sade in view of Yang disclose inserting the decrypted credentials in a web form as disclosed in claim 2, however, Banerjee in view of Sade, Yang and Lew do not disclose that the decrypted credential is masked. Emphasis in Italic.
 further comprising masking the decrypted credentials before the inserting the decrypted credentials (Pritchard disclose masking credentials when accessing devices, [0015] “provides a method, system, and computer program or web application for automating remote or local network device login/authentication, providing a masked login/authentication to remote and local devices on behalf of a user to devices to which the user has been granted access, while masking authentication credentials”, [0017] “…the endpoint of which is automatically defined by masked data within the database so that the user does not gain knowledge of the device's login/authentication credentials” ).
  It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Banerjee in view of Sade, Yang and Lew to incorporate the teaching of Pritchard to utilize the above feature, so that user does not gain knowledge of the device's login/authentication credentials, as recognized by (Pritchard [0017]).

Claim 13 (Original) is directed to a system, associated with the method claimed in claim 3. Claim 13 is similar in scope to claim 3, and is therefore rejected with the same rationale and motivation as claim 3. 


Claims 4 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over Banerjee (US 20160212132 A1), hereinafter Banerjee in view of Sade et. al. (US 20160006712 A1), hereinafter Sade, Yang et. al. (US 20180176771 A1), hereinafter .

Regarding claim 4 (Original), Banerjee in view of Sade, Yang and Lew teaches the computer-implemented method of claim 1, further comprising: 
Banerjee in view of Sade, Yang and Lew discloses the above limitations, Sade further discloses generating/creating credentials. However, Banerjee in view of Sade, Yang and Lew do not disclose the below limitation.
Dickgiesser discloses requesting real-time approval before generating the credentials (Dickgiesser illustrates in Figure 2 (216-224) a system with automatic approval upon receiving request for activating credential, where the system automatic approval upon receiving request corresponds to real-time approval, [0012] “…upon receipt of the request may automatically generate or activate the login credentials and send the login credentials to the support resource.”, examiner notes that the automatic approval and credential providing is a real-time approval, as the system 202 in Figure 2 completes the approval and credential providing without any decision making delay or user intervention required). 
 It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Banerjee in view of Sade, Yang and Lew to incorporate the teaching of Dickgiesser to utilize the above feature, with the motivation of automatically approving and provide credentials for analyzing errors, as recognized by (Dickgiesser [0009]).

Claims 8 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Banerjee (US 20160212132 A1), hereinafter Banerjee in view of Sade et. al. (US 20160006712 A1), hereinafter Sade, Yang et. al. (US 20180176771 A1), hereinafter Yang, Lew (US 20190238535 A1), hereinafter Lew and further in view of Yeddula (US 20190349360 A1), hereinafter Yeddula.

Regarding claim 8 (Original), Banerjee in view of Sade, Yang and Lew teaches the computer-implemented method of claim 1, 
Banerjee does not disclose the below limitation.
wherein the credentials are generated based at least in part on a [cryptographically secure] random number generator (Sade [0226] “credential generation module 660 creates random provisioned credentials.”, [0265] “The provisioning system may generate provisioned credentials internally (e.g. random credentials) and/or store provisioned credentials in an internal directory.”).
  It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Banerjee to incorporate the teaching of Sade to utilize the above feature, with the motivation of instantaneously activating and creating credentials provisioning process to users, as recognized by (Sade [0007, 0015, 0245]).

Yeddula discloses cryptographically secure random number generator (Yeddula discloses in [0073] access token can be generated using a cryptographically secure random number generator, associated with a credential).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Banerjee in view of Sade, Yang and Lew to incorporate the teaching of Yeddula to utilize the above feature, with the motivation of provisioning and managing access tokens, as recognized by (Yeddula [0049]).

Claim 18 (Original) is directed to a system, associated with the method claimed in claim 8. Claim 18 is similar in scope to claim 8, and is therefore rejected with the same rationale and motivation as claim 8. 

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:
Lee (US 20160262021 A1) discloses the server provisioning a credential of high entropy of 256 bits, where the entropy credential key may be generated according to a random selection process.
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BASSAM A NOAMAN whose telephone number is (571)272-2705. The examiner can normally be reached Monday-Friday 8:30 AM-5:00PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni A. Shiferaw can be reached on (571) 272-3867. The fax phone 
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/BASSAM A NOAMAN/Examiner, Art Unit 2497
/ELENI A SHIFERAW/Supervisory Patent Examiner, Art Unit 2497