DETAILED ACTION
1.	This office action is in response to the communication filed on 04/27/2022.
2.	Claims 1-20 are pending. 

Notice of Pre-AIA  or AIA  Status
3.	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 

4.	In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. 

Examiner Note
5.	In light of the specification (paragraph 89), the limitation “computer-readable storage medium” in claim 16 is a physical hardware device.

Response to Arguments
6.	Applicant’s arguments, filed on 04/27/2022, have been fully considered but they are not persuasive.
Applicant’s argument: Bailey, Gaya, Zeck, and/or Shastri do/does not teach for “searching a directory to identify a plurality of identities, including a first identity and a second identity, that each have a credential that matches the credential," and/or "responsive to identifying the plurality of identities, authenticating the credential for each of the plurality of identities" as recited by claim 1.

Applicant’s support: Bailey or Zeck does not identify a plurality of identities that each have a credential that matches the credential. Bailey or Zeck identifies and authorizes access to one account for which the user has provided credentials and then utilizes previously-stored link data to grant access to additional accounts which have different credentials. Moreover, Bailey, Gaya, Zeck, and Shastri, alone or in any combination, at most describe a conventional sign-in procedure to validate a single stored user credential for a single account and subsequently determining and providing access to accounts previously linked to the single account.

Examiner’s response: The examiner directs applicant’s attention to see Bailey, fig. 2 and paras. 16, 24, where an authentication service accesses a storage storing account IDs and corresponding account credentials to authenticate a user having multiple user accounts; see paras. 41-45 where the authentication service verifies the credential provided by the user to form an authentication token having account link data including account IDs/identifiers for a plurality of linked accounts, wherein a user is permitted to access to each of linked accounts upon authentication to one account. In other words, an authentication service searches a storage to identify accounts having account IDs/identities and corresponding account credentials, and verifies the credential provided by a user to form an authentication token for allowing the user to access each of the plurality of accounts having account IDs. Thus, Bailey explicitly discloses for searching a storage to identify a plurality of accounts having account IDs (i.e., a plurality of identities) to authenticate the user’s credential for accessing each of the plurality of accounts having account IDs.
In addition, the examiner directs applicant’s attention to see Zeck, paras. 26, 35, where a user is authenticated based on a credential, wherein user accounts utilize same credential. Thus, Zeck explicitly discloses a plurality of user accounts utilize same credential so that each user account has a credential that matches the credential presented by a user for authentication.
In conclusion, the combination of Bailey-Zeck explicitly discloses for searching a storage to identify a plurality of accounts having account IDs (i.e., a plurality of identities) to authenticate the user’s credential (to form an authentication token having account link data including account IDs) for accessing each of the plurality of account IDs, wherein each account has a credential that matches the user’s credential. 
Furthermore, in response to applicant's arguments against the references individually, one cannot show non-obviousness by attacking references individually where the rejections are based on combinations of references.  See In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981); In re Merck & Co., 800 F.2d 1091, 231 USPQ 375 (Fed. Cir. 1986).

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


7.	Claim(s) 1-15 is/are rejected under 35 U.S.C. 103 as being unpatentable over Bailey et al. (US 20080134295 A1) in views of Gaya (US 20080034091 A1), Zeck et al. (US 20200314086 A1) and Shastri et al. (US 20170118025 A1).  
Regarding claims 1 and 10:
Bailey discloses a method performed by at least one computing device for signing a user in to multiple accounts with a single authentication gesture, comprising: 
receiving, by an authentication provider, a credential from the user signing in to use a resource (see fig. 2 and paras. 42-43 where an authentication service (i.e. an authentication provider) receives a credential from a client/user signing in to an account to receive service(s) from a service provider (i.e. resource)); 
searching [a directory] to identify a plurality of identities, including a first identity and a second identity, [that each have a credential that matches the credential] (see para. 16 where a user has multiple user accounts; see fig. 2 and para. 24 where an authentication service accesses a storage storing account IDs and corresponding account credentials to authenticate a user; see para. 42 where a user provides a credential for authenticating to an account. In other words, an authentication service searches a storage to identify accounts having IDs/identities (i.e. a first identity and a second identity) and corresponding account credentials to authenticate the user);
responsive to identifying the plurality of identities, authenticating the credential for each of the plurality of identities (see fig. 2 and para. 24 where an authentication service accesses a storage storing account IDs and corresponding account credentials to authenticate a user; see paras. 41-45 where the authentication service verifies the credential to form an authentication token having account link data including account IDs/identifiers for a plurality of linked accounts, wherein a user is permitted to access to each of linked accounts upon authentication to one account. In other words, responsive to identify accounts having IDs/identities, authenticating the credential to form an authentication token for accessing each of the plurality of account identifiers); and 
creating a plurality of sessions for the plurality of identities comprising a session for the first identity and a session for the second identity based on the [single authentication gesture] (see para. 26 where a user accesses to service(s) associated with an account during a session; see fig. 2 and paras. 41-45 where the authentication token, which has account link data including account IDs/identifiers associated with a plurality of accounts, is formed to be used for receiving a plurality of services corresponding to the plurality of accounts; see fig. 5 and para. 49 where, upon the client provides a credential corresponding to one account, the authentication service exposes an interface to the client for selecting one or more linked accounts associated with account identifier(s) to receive access to each account of linked accounts. In other words, based on a single authentication, a plurality of sessions for the plurality of account identifiers comprising a session for the first account identifier and a session for the second account identifier are created for the client/user to access a plurality of services associated with a plurality of linked accounts).
Bailey does not, but Gaya discloses:
a directory (see Gaya, abstract and claims 15, 19, where information/data associated with user accounts are stored in a directory of a storage; see paras. 2 and/or 23 where information/data associated with a user account include account identifier and credentials; see paras. 35, 37 where account information/data (e.g. account identifiers, credentials) received are compared with account information/data stored in a storage for authenticating a user. In other words, account information including account identifiers (i.e. a first identity and a second identity) and user credentials stored in a directory are searched for authenticating a user).
It would have been obvious to one having ordinary skill in the art to which the claimed invention pertains, before the effective filing date of the claimed invention, to modify Bailey's invention by enhancing it for a directory, as taught by Gaya, in order for storing user account information in a directory of a storage (Gaya, para. 25).
The combination of Bailey-Gaya does not, but Zeck discloses:
accounts that each have a credential that matches the credential (see Zeck, paras. 26, 35 where a user is authenticated based on a credential, wherein an SSO token is generated in response to a successful authentication of the user, and wherein user accounts utilize same credential to access a network service. In other words, user accounts that each have a credential that matches the credential presented by a user for authentication. Note: see para. 80 where a user account can be identified).
It would have been obvious to one having ordinary skill in the art to which the claimed invention pertains, before the effective filing date of the claimed invention, to modify Bailey-Gaya's invention by enhancing it for accounts that each have a credential that matches the credential, as taught by Zeck, in order to utilize the same credential(s) for user accounts to access a network service (see Zeck, para. 35).
The combination of Bailey-Gaya-Zeck does not, but Shastri discloses:
single authentication gesture (see Shastri, para. 55, where a credential used to authenticate a user for accessing a resource is a biometric input; see para. 185 where a biometric input is a gesture. Note: see para. 111 where biometric input can also be used for user authentication in addition with the other input).
It would have been obvious to one having ordinary skill in the art to which the claimed invention pertains, before the effective filing date of the claimed invention, to modify Bailey-Gaya-Zeck's invention by enhancing it for single authentication gesture, as taught by Shastri, in order for authenticating a user based on a biometric input such as a gesture (Shastri, paras. 55, 185). 

Regarding claims 2 and 11:
Bailey discloses:    
revealing the plurality of identities to the user only after authenticating the credential (see fig. 5 and para. 49 where, upon the client provides a credential corresponding to one account, the authentication service exposes an interface to the client for selecting one or more linked accounts associated with account identifier(s)).

Regarding claim 3:
Bailey discloses:
prompting the user to indicate which identity or identities in the plurality of identities the user desires to be active for the resource (see fig. 5 and para. 49 where, upon the client provides a credential corresponding to one account, the authentication service exposes an interface to the client for selecting account identifier(s) associated with one or more linked accounts to receive access to one or more linked accounts).

Regarding claims 4 and 12:
Bailey discloses:
providing, to the resource, a session artifact for the first identity (see fig. 2 and para. 55 where the authentication service interacts with the service provider to provide a username (i.e. a session artifact) for a linked account data including an account id/identifier (i.e. first identity)).

Regarding claims 5 and 13:
Bailey discloses:
receiving an indication that the user desires to switch to or add the second identity (see fig. 2 and paras. 49-50 where the authentication service exposes an interface to the client for selecting an account identifier associated with a linked account to receive access to the linked account, wherein the authentication service receives a user selection that causes switching between linked accounts); and 
providing, to the resource, a session artifact for the second identity based on the [single authentication gesture] without an additional sign in (see para. 50 where the authentication service receives a user selection that causes switching between linked accounts; see fig. 2 and para. 55 where the authentication service interacts with the service provider to provide linked account data including username and/or password (i.e. session artifact) for a linked account data having an account id/identifier (i.e. second identity); see paras. 29 and/or 44 where a user accesses to another linked account based on the single sign-in with a linked account without an addition sign-in).
Bailey does not, but Shastri discloses:
single authentication gesture (see Shastri, para. 55, where a credential used to authenticate a user for accessing a resource is a biometric input; see para. 185 where a biometric input is a gesture).

Regarding claims 6 and 14:
Bailey discloses:
determining that the resource is multi-identity aware, configured to receive a plurality of concurrent session artifacts (see para. 41 where a service provider provide services to a plurality of linked accounts having account identifiers; see para. 55 where the authentication service interacts with the service provider to provide a username (i.e. session artifact) for a linked account data including an account id/identifier (i.e. second identity)); and 
providing concurrently, to the resource, a session artifact for the first identity and a session artifact for the second identity based on the [single authentication gesture] (see fig. 2 and paras. 41-45 where the authentication token, which has account link data including account IDs/identifiers associated with a plurality of accounts, is used for receiving a plurality of services corresponding to the plurality of accounts, wherein a user access services corresponding to multiple linked accounts, upon a single sign-in to one of the linked accounts; see para. 49 where, upon the client provides a credential corresponding to one account, the authentication service exposes an interface to the client for selecting linked accounts associated with account identifiers; see fig. 2 and para. 55 where the authentication service interacts with the service provider to provide linked account data including username and/or password (i.e. session artifact) for linked accounts including an account id/identifier (i.e. identity). In other words, providing concurrently using an authentication token, to a service provider, a username (i.e. a session artifact) for an account id/identifier (i.e. first identity) and a username (i.e. a session artifact) for another account id/identifier (i.e. second identity) based on the single authentication to a linked account).
Bailey does not, but Shastri discloses:
single authentication gesture (see Shastri, para. 55, where a credential used to authenticate a user for accessing a resource is a biometric input; see para. 185 where a biometric input is a gesture).

Regarding claims 7 and 15:
Bailey discloses:
wherein the first identity was created by a first identity provider and the second identity was created by a second identity provider (see fig. 2 and para. 24 where the authentication service forms account link data including account identifiers (i.e. a first account identifier and a second account identifier); see para. 31 where the authentication service is implemented via a plurality of servers (i.e. identity providers). In other words, a plurality of account identifiers are formed by a plurality of servers included in the authentication service).

Regarding claim 8:
Bailey does not, but Shastri discloses:
wherein the credential is a passwordless credential (see Shastri, para. 55, where a credential used to authenticate a user for accessing a resource is a biometric input (i.e., password-less credential)).
It would have been obvious to one having ordinary skill in the art to which the claimed invention pertains, before the effective filing date of the claimed invention, to modify Bailey's invention by enhancing it for the credential is a password-less credential, as taught by Shastri. The motivation is the same as presented in claim 1.

Regarding claim 9:
Bailey does not, but Shastri discloses:
wherein the passwordless credential comprises one of the following: (i) a phone number combined with a one-time code (OTC) texted or phoned to the phone number and entered by the user, (ii) an email address and the OTC emailed to the email address and entered by the user, or (iii) the user's biometric information (see Shastri, para. 55, where a credential used to authenticate a user for accessing a resource is a biometric input).

8.	Claim(s) 16-20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Bailey in views of Zeck and Shastri.
Regarding claim 16:
Bailey discloses a computer-readable storage medium having program instructions recorded thereon that, when executed by a processing circuit, perform a method comprising: 
providing an indication that a resource is configured to receive a plurality of concurrent session artifacts for a corresponding plurality of identities based on a [single authentication gesture] by a user (see fig. 2 and paras. 41-45 where the authentication token, which has account link data including account IDs/identifiers associated with a plurality of accounts, is used for receiving a plurality of services corresponding to the plurality of accounts, wherein a user access services corresponding to multiple linked accounts, upon a single sign-in to one of the linked accounts; see para. 49 where, upon the client provides a credential corresponding to one account, the authentication service exposes an interface to the client for selecting linked accounts associated with account identifiers; see fig. 2 and para. 55 where the authentication service interacts with the service provider to provide linked account data including usernames and/or passwords (i.e. session artifacts) for a linked account data including an account id/identifier (i.e. identity). In other words, providing, via an interface, an indication that a service provider (i.e. resource) is configured to receive a plurality of concurrent linked account data including usernames and/or passwords (i.e. session artifacts) for a plurality of account identifiers (i.e. corresponding plurality of identities) based on a single authentication to a linked account by a user); and 
receiving a first session artifact for a first identity and a second session artifact for a second identity based on the [single authentication gesture], wherein the first session artifact for the first identity and the second session artifact for the second identity are provided based on an indication that the first identity and the second identity [each have credentials that match a credential provided via the single authentication gesture by the user] (see para. 44 where a user access services corresponding to multiple linked accounts, upon a single sign-in to one of the linked accounts; see para. 49 where, upon the client provides a credential corresponding to one account, the authentication service exposes an interface to the client for selecting linked accounts associated with account identifiers; see fig. 2 and para. 55 where the authentication service interacts with the service provider to provide linked account data including username and/or password (i.e. session artifact) for a linked account data including an account id/identifier (i.e. identity). In other words, linked account data including usernames and/or passwords (i.e. session artifacts) for account identifiers (i.e. first identity and second identity) are received, e.g. by the authentication service or the service provider, to allow a user access services corresponding to multiple linked accounts based on a single authentication to a linked account by the user, wherein the identified accounts having IDs/identities (i.e. a first identity and a second identity) and credentials, wherein one of the credentials (e.g. username or password) of the identified accounts matches the credential (e.g. a username or a password) provided by the user to authenticate the user).
Bailey does not, but Zeck discloses:
accounts that each have credentials that match a credential (see Zeck, paras. 26, 35 where a user is authenticated based on a credential, wherein an SSO token is generated in response to a successful authentication of the user, and wherein user accounts utilize same credentials to access a network service. In other words, user accounts that each have credential(s) that match the credential presented by a user for authentication. Note: see para. 80 where a user account can be identified).
It would have been obvious to one having ordinary skill in the art to which the claimed invention pertains, before the effective filing date of the claimed invention, to modify Bailey's invention by enhancing it for accounts that each have credentials that match a credential, as taught by Zeck, in order to utilize the same credential(s) for user accounts to access a network service (see Zeck, para. 35).
The combination of Bailey-Zeck does not, but Shastri discloses:
a credential provided via single authentication gesture by the user (see Shastri, para. 55, where a credential used to authenticate a user for accessing a resource is a biometric input; see para. 185 where a biometric input is a gesture).
It would have been obvious to one having ordinary skill in the art to which the claimed invention pertains, before the effective filing date of the claimed invention, to modify Bailey-Zeck's invention by enhancing it for a credential provided via single authentication gesture by the user, as taught by Shastri, in order for authenticating a user based on a biometric input such as a gesture (Shastri, paras. 55, 185).

Regarding claim 17:
Bailey discloses:
permitting the user to use the resource concurrently with the first identity and the second identity based on the [single authentication gesture] (see fig. 2 and paras. 41-45 where the authentication token, which has account link data including account IDs/identifiers associated with a plurality of accounts, is used for receiving a plurality of services corresponding to the plurality of accounts, wherein a user access services corresponding to multiple linked accounts, upon a single sign-in to one of the linked accounts; see para. 49 where, upon the client provides a credential corresponding to one account, the authentication service exposes an interface to the client for selecting linked accounts associated with account identifiers; see fig. 2 and para. 55 where the authentication service interacts with the service provider to provide linked account data including username and/or password (i.e. session artifact) for a linked account data including an account id/identifier (i.e. identity). In other words, providing concurrently using an authentication token, to a service provider (i.e. the resource), a username (i.e. a session artifact) for an account id/identifier (i.e. first identity) and a username (i.e. a session artifact) for another account id/identifier (i.e. second identity) to permit the user to use the service provider concurrently for receiving a plurality of services corresponding to the plurality of accounts based on the single authentication on a credential to a linked account).
Bailey does not, but Shastri discloses:
single authentication gesture (see Shastri, para. 55, where a credential used to authenticate a user for accessing a resource is a biometric input; see para. 185 where a biometric input is a gesture).

Regarding claim 18:
Bailey discloses:
wherein the resource is configurable to combine or merge information for the first identity and the second identity based on the [single authentication gesture] (see fig. 2 and paras. 42-45 where a service provider permits a user to access a plurality of services corresponding to the plurality of accounts using an authentication token having account link data including account IDs/identifiers based on a single authentication to a linked account by the user. In other words, the service provider (i.e. the resource) is configurable to combine or merge information for account IDs/identifiers (i.e. first identity and the second identity) to use an authentication token for allowing the user to access a plurality of services corresponding to the plurality of accounts based on a single authentication on a credential to a linked account by the user).
Bailey does not, but Shastri discloses:
single authentication gesture (see Shastri, para. 55, where a credential used to authenticate a user for accessing a resource is a biometric input; see para. 185 where a biometric input is a gesture).

Regarding claim 19:
Bailey discloses:
wherein the first session artifact and the second session artifact are received together based on the [single authentication gesture] (see paras. 41-45 where the authentication token, which has account link data including account IDs/identifiers associated with a plurality of accounts, is used for receiving a plurality of services corresponding to the plurality of accounts, wherein a user access services corresponding to multiple linked accounts, upon a single sign-in to one of the linked accounts; see fig. 2 and para. 55 where the authentication service interacts with the service provider to provide linked account data including usernames and/or passwords (i.e. session artifacts) for the plurality of accounts).
Bailey does not, but Shastri discloses:
single authentication gesture (see Shastri, para. 55, where a credential used to authenticate a user for accessing a resource is a biometric input; see para. 185 where a biometric input is a gesture).

Regarding claim 20:
Bailey discloses:
wherein the first session artifact and the second session artifact are received separately based on the [single authentication gesture] without an additional sign in (see fig. 2 and paras. 49-50 where the authentication service exposes an interface to the client for selecting an account identifier associated with a linked account to receive access to the linked account, wherein the authentication service receives a user selection that causes switching between linked accounts; see para. 55 where the authentication service interacts with the service provider to provide linked account data including username and/or password (i.e. session artifact) for a linked account data; see paras. 29 and/or 44 where a user accesses to another linked account based on the single sign-in with a linked account without an addition sign-in).
Bailey does not, but Shastri discloses:
single authentication gesture (see Shastri, para. 55, where a credential used to authenticate a user for accessing a resource is a biometric input; see para. 185 where a biometric input is a gesture).

Conclusion 
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HUAN V. DOAN whose telephone number is 571-272-3809. The examiner can normally be reached on Monday – Thursday, 9:00am – 5:00pm EST.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, PHILIP CHEA, can be reached on 571-272-3951.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/HUAN V DOAN/Primary Examiner, Art Unit 2437