DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Specification
Applicant is reminded of the proper language and format for an abstract of the disclosure.
The abstract should be in narrative form and generally limited to a single paragraph on a separate sheet within the range of 50 to 150 words in length. The abstract should describe the disclosure sufficiently to assist readers in deciding whether there is a need for consulting the full patent text for details.
The language should be clear and concise and should not repeat information given in the title. It should avoid using phrases which can be implied, such as, “The disclosure concerns,” “The disclosure defined by this invention,” “The disclosure describes,” etc.  In addition, the form and legal phraseology often used in patent claims, such as “means” and “said,” should be avoided.
The disclosure is objected to because of the following informalities: 
In paragraph 0113, Line 3, “to use dual realms The” should read “to use dual realms. The”. 
Appropriate correction is required.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 3, 6, 8, 10, 13, 15, 16 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Rich et al. (US 20020078243A1), hereinafter Rich in view of NPL Micro Focus Community (“Kerberos Authentication against Multiple Domains”, Access Manager Tips and information), hereinafter Microfocus and Gupta et al. (US 20170339156A1), hereinafter Gupta. 
Regarding claim 1, Rich teaches a computer-implemented method comprising (Rich: Abstract [0004] provides for the method implemented by a computer): 
generating, with at least one processor using a ticket-based computer network authentication protocol, a primary set of keys based on remote system access credentials for a primary domain and at least one secondary set of keys based on remote system access credentials for at least one secondary domain (Rich: [0005][0050] provide for Kerberos system, a ticket based authentication protocol, generating keys for distinct tickets issued by a KDC for different realms/domains, wherein the realms can consist of primary and secondary realms.) ; 
activating, with at least one processor, a system daemon to provide access to the primary domain and the at least one secondary domain by an entity based on the keys (Rich: [0004], [0050] provide for the Kerberos system process to provide access to the different realms); 
connecting, with at least one processor and using the ticket-based computer network authentication protocol via the system daemon, a remote computing device of the primary domain and a computing device of the at least one secondary domain to the computational entity (Rich: [005], Fig. 1 provide for the connection to the user devices from multi tenants (domains) via the ticket based Kerberos protocol containing which can be represented by ticket-based computer network authentication protocol via the system daemon); 
receiving, with at least one processor, a first access request to access a domain account associated with the remote computing device of the primary domain (Rich: [0004], [0050]-[0052] provide for the access request to access a domain account associated with the remote server of the realm); 
authenticating, with at least one processor, the first access request via the ticket-based computer network authentication protocol (Rich: [0004], [0050]-[0052] provide for the authenticating the access request via the ticket-based computer network authentication protocol); 
receiving, with at least one processor, a second access request to access a domain account associated with the computing device of the at least one secondary domain (Rich: [0004], [0050]-[0052] provide for the access request to access a computing device of a secondary realm ); and 
authenticating, with at least one processor, the second access request via the ticket-based computer network authentication protocol (Rich: [0004], [0050]-[0052] provide for the authenticating the access request via the ticket-based computer network authentication protocol).
Rich does not teach about merging, the primary set of keys with the at least one secondary set of keys to form a merged set of keys. However, Microfocus teaches this limitation (Microfocus: Page 2, line 7 provides for merging keys from domains to form merged set of keys).
Rich and Microfocus are both considered to be analogous to the claimed invention because they are in the same field of network authentication protocol. Therefore, it would have been obvious to someone of ordinary skill in the art before the effective filing date of the claimed invention to have modified Rich to incorporate the teachings of Microfocus and provide a merged set of keys to activate system daemon to provide access to the primary and secondary domain by a computational cluster. In this manner, all requests to access different domains may utilize a single, default table of merged keys, thus optimizing the performance of accessing remote resources in different domains. 
Rich and Microfocus do not teach explicitly about the method comprising computational cluster. However, Gupta teaches this limitation (Gupta: [0113], [0060]-[0062] provide for the access to the multi tenants by computational cluster based on the keys in the Key Distribution Center (KDC)).
Rich, Microfocus and Gupta are all considered to be analogous to the claimed invention because they are in the same field of network authentication protocol. Therefore, it would have been obvious to someone of ordinary skill in the art before the effective filing date of the claimed invention to have modified Rich /Microfocus to incorporate the teachings of Gupta, and provide access to remote computing devices through merges set of keys by computational cluster. Doing so would aid in implementing the method to enable multiple clients to securely share common set of resources. 
Regarding claim 8, the claim recites the same limitations as claim 1 for a system and is thereby rejected under same rationale. 
Regarding claim 15, the claim recites the same limitations as claim 1 for a computer program product comprising non-transitory computer-readable medium and is thereby rejected under same rationale. 
Regarding claim 3, Rich teaches the method of claim 1, further comprising configuring, with at least one processor, the ticket-based computer network authentication protocol to communicate with the primary domain and the at least one secondary domain (Rich: [0005] [0050] provides for configuring the ticket-based computer network authentication protocol to communicate with different realms).
Regarding claim 10, the claim recites the same limitations as claim 3 for a system and is thereby rejected under same rationale. 
Regarding claim 16, the claim recites the same limitations as claim 3 for a computer program product comprising non-transitory computer-readable medium and is thereby rejected under same rationale. 
Regarding claim 6, Rich teaches the method of claim 1, wherein each key of the set of keys comprises an identifier of a domain account associated with an encryption key necessary to encrypt or decrypt a ticket of the ticket-based computer network authentication protocol (Rich: [0050] provides for the keys comprising identifier of a realm where an encryption module might be used to encrypt (or decrypt) data of the ticket-based authentication protocol).
Regarding claim 13, the claim recites the same limitations as claim 6 for a system and is thereby rejected under same rationale. 
Regarding claim 19, the claim recites the same limitations as claim 6 for a computer program product comprising non-transitory computer-readable medium and is thereby rejected under same rationale. 
Claims 2 and 9 are rejected under 35 U.S.C. 103 as being unpatentable over Rich (US 20020078243A1), in view of NPL Microfocus (“Kerberos Authentication against Multiple Domains”, Access Manager Tips and information), Gupta (US 20170339156A1), and Guigli (US 9813303B1), hereinafter Guigli.
Regarding claim 2, Rich, Microfocus and Gupta do not teach the method of claim 1, wherein the at least one secondary domain comprises a plurality of secondary domains. However, Guigli teaches this limitation (Guigli: Col. 5 Lines 1-47 provides for the realms to contain a plurality of realms).
Rich, Microfocus, Gupta and Guigli are all considered to be analogous to the claimed invention because they are in the same field of network authentication protocol. Therefore, it would have been obvious to someone of ordinary skill in the art before the effective filing date of the claimed invention to have modified Rich /Microfocu/Gupta to incorporate the teachings of Guigli, and provide domains comprising a plurality of secondary domains. Doing so would aid in adding scalability to the method. 
Regarding claim 9, the claim recites the same limitations as claim 2 for a system and is thereby rejected under same rationale. 
Claims 4, 5, 11, 12, 17 and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Rich (US 20020078243A1), in view of NPL Microfocus (“Kerberos Authentication against Multiple Domains”, Access Manager Tips and information), Gupta (US 20170339156A1), and Li et al. (US 20200092331A1), hereinafter Li. 
Regarding claim 4, Rich, Microfocus and Gupta do not teach about activating an authentication service and ticket granting service on a domain controller for each of the primary and the at least one secondary domain. However, Li teaches this limitation (Li: [0011] [0038] [0039] provide for a domain controller which controls the domains and where a Kerberos base domain trust exist which can be represented by activating an authentication service and ticket granting service on the domain controller).
 Rich, Microfocus, Gupta and Li are all considered to be analogous to the claimed invention because they are in the same field of network authentication protocol for multi-tenant operation. Therefore, it would have been obvious to someone of ordinary skill in the art before the effective filing date of the claimed invention to have modified Rich/Microfocus/Gupta to incorporate the teachings of Li and provide a domain controller to activate the authentication service and ticket granting service for the primary and secondary domains. Doing so would aid in securing multi-tenant operations of a distributed computing cluster by controlling the authentication service on a separate domain controller. 
Regarding claim 11, the claim recites the same limitations as claim 4 for a system and is thereby rejected under same rationale. 
Regarding claim 17, the claim recites the same limitations as claim 4 for a computer program product comprising non-transitory computer-readable medium and is thereby rejected under same rationale. 
Regarding claim 5, Li further teaches the method of claim 1, wherein generating the primary set of keys and the at least one secondary set of keys further comprises: 
initiating, with at least one processor, a discovery scan for each domain associated with each set of keys (Li: [0006] provides for the initiating network call for each domain which use keys); 
installing, with at least one processor, data packages required to join the computational cluster to each domain associated with each set of keys (Li: [0006] [0011] [0012] provide for the installing of data packages to each domain); and 
joining, with at least one processor, each domain associated with each set of keys by creating a respective account entry for the computational cluster (Li: [0006] [0011] [0012] provide for onboarded operator to join the computational cluster).
Regarding claim 12, the claim recites the same limitations as claim 5 for a system and is thereby rejected under same rationale. 
Regarding claim 18, the claim recites the same limitations as claim 5 for a computer program product comprising non-transitory computer-readable medium and is thereby rejected under same rationale. 
Claims 7, 14 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Rich (US 20020078243A1), in view of NPL Microfocus (“Kerberos Authentication against Multiple Domains”, Access Manager Tips and information), Gupta (US 20170339156A1), and Totale et al. (US 20190007409A1), hereinafter Totale. 
Regarding claim 7, Rich, Microfocus and Gupta do not teach about the primary set of keys and the at least one secondary set of keys comprising different sets of permissions. However, Totale teaches this limitation (Totale: [0054] provides for the set of keys for the domains to have different set of permissions).
Rich, Microfocus, Gupta and Totale are all considered to be analogous to the claimed invention because they are in the same field of network authentication protocol for multi-tenant operation. Therefore, it would have been obvious to someone of ordinary skill in the art before the effective filing date of the claimed invention to have modified Rich/Microfocus/Gupta to incorporate the teachings of Totale and provide different sets of permissions of remote access credentials for primary and secondary set of keys. Doing so would aid in maintaining user specific permissions for different tasks in domains of a computing cluster. 
Regarding claim 14, the claim recites the same limitations as claim 7 for a system and is thereby rejected under same rationale. 
Regarding claim 20, the claim recites the same limitations as claim 7 for a computer program product comprising non-transitory computer-readable medium and is thereby rejected under same rationale. 
Pertinent Art
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
Anantha et al. (US 20170048223 A1) teaches domain joined virtual names on domainless servers. 
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to YASMIN JAHIR whose telephone number is (571)272-0346. The examiner can normally be reached Mon-Fri 9:00-5:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Nickerson can be reached on (469)295-9235. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/Jeffrey Nickerson/Supervisory Patent Examiner, Art Unit 2432                                                                                                                                                                                                        




/YASMIN JAHIR/Examiner, Art Unit 2432