Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION
This Office Action is in response to the amendment filed 02/18/2022.  
In the instant amendment, claims 1 and 9 were amended; claim 10 is new; claims 1 and 9 are independent claims. Claims 1-10 are pending in this application. THIS ACTION IS MADE FINAL. 

Response to Arguments
Applicant’s arguments filed 02/18/2022 have been fully considered but they are not persuasive. 
Applicant argues that Brugger fails to explicitly disclose request a management apparatus for user authentication to acquire second credential information that is used for acquiring first credential information that is used for a Web service provided by a service providing apparatus, the second credential information indicating that a user has been authenticated to the management apparatus, receive the second credential information transmitted from the management apparatus in a case where the user authentication is successful by the management apparatus, receive the first credential information transmitted from the authentication server in response to the transmission of the second credential information, use the Web service by using the received first credential information.  
In response, the Examiner respectfully disagrees with the applicant. In response, the Examiner respectfully disagrees with the applicant. Under a broadest reasonable interpretation (BRI), words of the claim must be given their plain meaning, unless such meaning is inconsistent with the specification. The plain meaning of a term means the ordinary and customary meaning given to the term by those of ordinary skill in the art at the time of invention. Here the limitation ends with a comma then the next line starts a new amended limitation where new prior art was applied. “Although the specifications may well indicate that certain embodiments are preferred, particular embodiments appearing in a specification will not be read into the claims when the claim language than such embodiments.” (Electro Med. Sys. S.A. v. Cooper Life Sc 34 F. 3d 1048, 1054 (Fed. Cir. 1994)). Brugger discloses request a management apparatus for user authentication to acquire second credential information that is used for acquiring first credential information that is used for a Web service provided by a service providing apparatus, the second credential information indicating that a user has been authenticated to the management apparatus, receive the second credential information transmitted from the management apparatus in a case where the user authentication is successful by the management apparatus, receive the first credential information transmitted from the authentication server in response to the transmission of the second credential information, use the Web service by using the received first credential information, (See Brugger, [0074], [0014]-[0015], [0017], [0034], [0080], [0084]-[0085], FIG 8). Sidman discloses transmit the received second credential information to an authentication server (See Sidman [0061]). 
Applicant's arguments (pages: 10-11): Additionally, as to the dependent claims 2-8 and 10 the Applicant argues that the claims are dependent directly or indirectly from a respective one of claims of independent claims 1 and 9 and are therefore distinguished from the cited art at least by virtue OR allowable at least based on of their additionally recited patentable subject matter.
The Examiner disagrees with the Applicants. The Examiner respectfully submits that the dependent claims 2-8 and 10 are rejected at least based on the rationale and response presented to the argument for their respective base claims, and the reference applied to claims 2-8 and 10. Therefore, in view of the above reasons, the Examiner maintains the rejection with the cited prior art references. 
Therefore, in view of the above reasons, the Examiner maintains the rejection.
Applicant’s arguments with respect to claim(s) 1 and 9 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 1, 3-5 and 7-9 are rejected under 35 U.S.C. 103 as being unpatentable over Brugger et al (“Brugger,” US 20150007269) in view of Sidman et al (“Sidman,” US 20090192944) and further in view of Kong et al (“Kong,” US 20180191700). 

Regarding claim 1, Brugger discloses an information processing apparatus comprising:
a processor configured to (Brugger, [0021], processor)
request a management apparatus for user authentication to acquire second credential information that is used for acquiring first credential information that is used for a Web service provided by a service providing apparatus, (Brugger, [0074], the delegation service may detect a request from a delegate having a second credential to use the web service with the first credential; [0014] describes use of a management apparatus; [0080], [0084]-[0085] describes a service provider)
the second credential information indicating that a user has been authenticated to the management apparatus, (Brugger, FIG 8 shows step 810 Request Access to the Web Service using Second Credentials, 815 Does Delegate have access? If YES, then 825, Allow access to the web service for the delegate; [0014] describes user authentication; [0014]-[0015] describes a management apparatus)
receive the second credential information transmitted from the management apparatus in a case where the user authentication is successful by the management apparatus, (Brugger, FIG 8 shows step 810 Request Access to the Web Service using Second Credentials, 815 Does Delegate have access? If YES, then 825, Allow access to the web service for the delegate; [0014] describes user authentication)
receive the first credential information transmitted from the authentication server in response to the transmission of the second credential information, (Brugger, [0074] describes receiving the first credential information transmitted from the web server that performs authentication in response to the transmission of the second credential information) and
use the Web service by using the received first credential information, (Brugger, [0074], [0017] & [0034], describes using the web service by using the received first credential information)
Brugger fails to explicitly disclose transmit the received second credential information to an authentication server.  
However, in an analogous art, Sidman discloses transmit the received second credential information to an authentication server (Sidman, [0061], transmits a second token [second credential] to a verification server)
Therefore, it would have been obvious to one of ordinary skill in the art before the
effective filing date of the claimed invention to combine the teachings of Sidman with
the method and system of Brugger to include transmit the received second credential information to an authentication server. One would have been motivated to provide security and/or privacy of Internet communications between a website and a client device (Sidman, [0002]). 
	Brugger and Sidman fail to explicitly disclose wherein the first credential information comprising a first token issued by the authentication server, the second credential information comprising a second token issued by the management apparatus, and the second token comprising information for acquiring the first token to use the Web service provided by the service providing apparatus.
However, in an analogous art, Kong discloses wherein the first credential information comprising a first token issued by the authentication server, the second credential information comprising a second token issued by the management apparatus, and the second token comprising information for acquiring the first token to use the Web service provided by the service providing apparatus (Kong, [0052], [0006]-[0007]; FIG 2 & [0050]-[0053] describes wherein the first credential information comprising a first token issued by the authentication server, the second credential information comprising a second token issued by the management apparatus, and the second token comprising information for acquiring the first token to use the web service provided by the service providing apparatus). 
Therefore, it would have been obvious to one of ordinary skill in the art before the
effective filing date of the claimed invention to combine the teachings of Kong with
the method and system of Brugger and Sidman to include wherein the first credential information comprising a first token issued by the authentication server, the second credential information comprising a second token issued by the management apparatus, and the second token comprising information for acquiring the first token to use the Web service provided by the service providing apparatus. One would have been motivated to securely maintain a user session for a long period of time, and in some embodiments across multiple hosted services and/or multiple devices (Kong, [0005]). 

Regarding claim 3, Brugger, Sidman and Kong disclose the information processing apparatus according to claim 1. 
Brugger further discloses further comprising:
a memory, (Brugger, [0021], memory)
wherein the memory stores third credential information for updating the first credential information and acquiring the updated first credential information, (Brugger, Brugger, [0014], [0037], [0055], [0068] & [0074], may include a user directory with a plurality of users with different credentials which are incorporated into the delegation service for acquiring the updated first credential; [0014] describes use of a management apparatus; FIG 6 shows a delegation ticket which can be changed [updated] each time with the delegator’s credentials, permissions and restrictions)
wherein the processor is further configured to transmit the third credential information stored in the memory to the authentication server, (Brugger, [0014], [0037], [0055], [0068] & [0074] describe sending the user directory with a plurality of users and a plurality of different credentials stored in the memory to the web server that performs authentication) and
receive the first credential information transmitted from the authentication server in a case where the transmitted third credential information is confirmed to be valid by the authentication server, (Brugger, FIG 8, [0014], [0037], [0055], [0068] & [0074] describe receiving first credential information transmitted from the web server that performs user authentication where the sent user directory with different users with different credentials is confirmed to by valid by the authentication server)

Regarding claim 4, Brugger, Sidman and Kong disclose the information processing apparatus according to claim 2. 
Brugger further discloses further comprising:
a memory, (Brugger, [0021], memory)
wherein the memory stores third credential information for updating the first credential information and acquiring the updated first credential information, (Brugger, [0021], [0014], [0037], [0055], [0068] & [0074], describes wherein the memory stores a user directory with different users and different credentials and acquiring the updated first credential information; FIG 6 shows a delegation ticket which can be changed [updated] each time with the delegator’s credentials, permissions and restrictions)
wherein the processor is further configured to transmit the third credential information stored in the memory to the authentication server, (Brugger, [0014], [0037], [0055], [0068] & [0074], describes sending the user directory with different users and different credentials that is stored in memory to be validated by the web server that performs user authentication; FIG 6 shows a delegation ticket which can be changed [updated] each time with the delegator’s credentials, permissions and restrictions) and
receive the first credential information transmitted from the authentication server in a case where the transmitted third credential information is confirmed to be valid by the authentication server, (Brugger, [0014], [0037], [0055], [0068] & [0074], describes receiving the first credential information send from the web server that performs user authentication in a case where the send third credentials which are apart of the user directory with different users and different credentials is confirmed to be valid by the web server that performs user authentication; FIG 6 shows a delegation ticket which can be changed [updated] each time with the delegator’s credentials, permissions and restrictions)

Regarding claim 5, Brugger, Sidman and Kong disclose the information processing apparatus according to claim 1. 
Brugger further discloses wherein the processor is further configured to
transmit to the authentication server, the second credential information transmitted from the management apparatus in a case where the user authentication is successful by the management apparatus, (Brugger, 919, FIG 9 detect a request from a delegate having a second credential, at the delegation to use the web service with the first credential; 915 determine that the second credential authorizes the delegate to use the web service with the first credential; 920, authorize access to the web service with the first credential for use by the second credential of the delegate; [0014] describes the management apparatus; [0037] & [0038] describe a sending to the web server performing user authentication and the delegation process, the second credential information send from the management agent in a case where the user authentication is successful from the management agent)
and specific information determined only between the information processing apparatus and the authentication server, (Brugger, [0017], [0037], [0051]-[0053] & [0057], describes encrypted information [specific information] determined only between the information processing system and the web server that performs user authentication) and
receive the first credential information transmitted from the authentication server according to a result of verification of the transmitted second credential information (Brugger, [0003] & [0074] describes receiving the first credential information transmitted from the web server that performs authentication [verification] in response to the transmission of the second credential information) and the specific information)

Regarding claim 7, Brugger, Sidman and Kong disclose the information processing apparatus according to claim 3. 
Brugger further discloses wherein the processor is further configured to transmit, to the authentication server, the second credential information transmitted from the management apparatus in a case where the user authentication is successful by the management apparatus,  (Brugger, 919, FIG 9 detect a request from a delegate having a second credential, at the delegation to use the web service with the first credential; 915 determine that the second credential authorizes the delegate to use the web service with the first credential; 920, authorize access to the web service with the first credential for use by the second credential of the delegate; [0014] describes the management apparatus; [0037] & [0038] describe a sending to the web server performing user authentication and the delegation process, the second credential information send from the management agent in a case where the user authentication is successful from the management agent) and specific information determined only between the information processing apparatus and the authentication server, (Brugger, [0017], [0037], [0051]-[0053] & [0057], describes encrypted information [specific information] determined only between the information processing system and the web server that performs user authentication)
and specific information determined only between the information processing apparatus and the authentication server, (Brugger, [0017], [0037], [0051]-[0053] & [0057], describes encrypted information [specific information] determined only between the information processing system and the web server that performs user authentication)
and receive the first credential information transmitted from the authentication server according to a result of verification of the transmitted second credential information (Brugger, [0003] & [0074] describes receiving the first credential information transmitted from the web server that performs authentication in response to the transmission of the second credential information)
and the specific information, (Brugger, [0017], [0037], [0051]-[0053] & [0057], describes encrypted information [specific information] determined only between the information processing system and the web server that performs user authentication)

Regarding claim 8, Brugger, Sidman and Kong disclose the information processing apparatus according to claim 4. 
Brugger further discloses wherein the processor is further configured to transmit, to the authentication server, the second credential information transmitted from the management apparatus in a case where the user authentication is successful by the management apparatus, (Brugger, 919, FIG 9 detect a request from a delegate having a second credential, at the delegation to use the web service with the first credential; 915 determine that the second credential authorizes the delegate to use the web service with the first credential; 920, authorize access to the web service with the first credential for use by the second credential of the delegate; [0014] describes the management apparatus; [0037] & [0038] describe a sending to the web server performing user authentication and the delegation process, the second credential information send from the management agent in a case where the user authentication is successful from the management agent) 
and specific information determined only between the information processing apparatus and the authentication server, (Brugger, [0017], [0037], [0051]-[0053] & [0057], describes encrypted information [specific information] determined only between the information processing system and the web server that performs user authentication) and
receive the first credential information transmitted from the authentication server according to a result of verification of the transmitted second credential information (Brugger, [0003] & [0074] describes receiving the first credential information transmitted from the web server that performs authentication in response to the transmission of the second credential information) 
and the specific information, (Brugger, [0017], [0037], [0051]-[0053] & [0057], describes encrypted information [specific information] determined only between the information processing system and the web server that performs user authentication)

Regarding claim 9, Brugger discloses a non-transitory computer readable medium storing a program causing a computer to
request a management apparatus for user authentication to acquire second credential information that is used for acquiring first credential information that is used for a Web service provided by a service providing apparatus, (Brugger, [0074], the delegation service may detect a request from a delegate having a second credential to use the web service with the first credential; [0014] describes use of a management apparatus; [0080], [0084]-[0085] describes a service provider)
the second credential information indicating that a user has been authenticated to the management apparatus, (Brugger, FIG 8 shows step 810 Request Access to the Web Service using Second Credentials, 815 Does Delegate have access? If YES, then 825, Allow access to the web service for the delegate; [0014] describes user authentication; [0014]-[0015] describes a management apparatus)
receive the second credential information transmitted from the management apparatus in a case where the user authentication is successful by the management apparatus, (Brugger, FIG 8 shows step 810 Request Access to the Web Service using Second Credentials, 815 Does Delegate have access? If YES, then 825, Allow access to the web service for the delegate; [0014] describes user authentication)
receive the first credential information transmitted from the authentication server in response to the transmission of the second credential information, (Brugger, [0074] describes receiving the first credential information transmitted from the web server that performs authentication in response to the transmission of the second credential information) and
use the Web service by using the received first credential information, (Brugger, [0074], [0017] & [0034], describes using the web service by using the received first credential information)
Brugger fails to explicitly disclose transmit the received second credential information to the authentication server. 
However, in an analogous art, Sidman discloses transmit the received second credential information to the authentication server (Sidman, [0061], transmits a second token [second credential] to a verification server)
Therefore, it would have been obvious to one of ordinary skill in the art before the
effective filing date of the claimed invention to combine the teachings of Sidman with
the method and system of Brugger to include transmit the received second credential information to an authentication server. One would have been motivated to provide security and/or privacy of Internet communications between a website and a client device (Sidman, [0002]). 
	Brugger and Sidman fail to explicitly disclose wherein the first credential information comprising a first token issued by the authentication server, the second credential information comprising a second token issued by the management apparatus, and the second token comprising information for acquiring the first token to use the Web service provided by the service providing apparatus.
However, in an analogous art, Kong discloses wherein the first credential information comprising a first token issued by the authentication server, the second credential information comprising a second token issued by the management apparatus, and the second token comprising information for acquiring the first token to use the Web service provided by the service providing apparatus, (Kong, [0052], [0006]-[0007]; FIG 2 & [0050]-[0053] describes wherein the first credential information comprising a first token issued by the authentication server, the second credential information comprising a second token issued by the management apparatus, and the second token comprising information for acquiring the first token to use the Web service provided by the service providing apparatus)
Therefore, it would have been obvious to one of ordinary skill in the art before the
effective filing date of the claimed invention to combine the teachings of Kong with
the method and system of Brugger and Sidman to include wherein the first credential information comprising a first token issued by the authentication server, the second credential information comprising a second token issued by the management apparatus, and the second token comprising information for acquiring the first token to use the Web service provided by the service providing apparatus. One would have been motivated to securely maintain a user session for a long period of time, and in some embodiments across multiple hosted services and/or multiple devices (Kong, [0005]).

Claims 2 and 6 are rejected under 35 U.S.C. 103 as being unpatentable over Brugger et al (“Brugger,” US 20150007269), Sidman et al (“Sidman,” US 20090192944) in view of Kong et al (“Kong,” US 20180191700) and further in view of Walker et al (“Walker,” US 20150373023). 

Regarding claim 2, Brugger, Sidman and Kong disclose the information processing apparatus according to claim 1. 
Brugger, Sidman and Kong fail to explicitly disclose wherein the processor is further configured to receive information for creating a screen for the user to input authentication information used for user authentication by the management apparatus, from the management apparatus, and create the screen based on the information for creating the screen to display the created screen on a display device.
However, in an analogous art, Walker discloses wherein the processor is further configured to receive information for creating a screen for the user to input authentication information used for user authentication by the management apparatus, from the management apparatus, and create the screen based on the information for creating the screen to display the created screen on a display device (Walker, [0148], describes a application management agent that generates a login prompt on the display screen of the mobile device and may receive authentication information input from the user (e.g. passphrase of PIN). The application management agent may generate unencrypted keys using the received authentication information. The application management agent may transmit the received passcode to the mobile processor to secure the application components and processes associated with the mobile application requesting access to the encrypted resources). 
Therefore, it would have been obvious to one of ordinary skill in the art before the
effective filing date of the claimed invention to combine the teachings of Walker with
the method and system of Brugger, Sidman and Kong to include wherein the processor is further configured to receive information for creating a screen for the user to input authentication information used for user authentication by the management apparatus, from the management apparatus, and create the screen based on the information for creating the screen to display the created screen on a display device. One would have been motivated to provide access to encrypted resources by first authenticating the user with login credentials (Walker, [0148]). 

Regarding claim 6, Brugger, Sidman, Kong and Walker disclose the information processing apparatus according to claim 2. 
Brugger further discloses wherein the processor is further configured to transmit, to the authentication server, the second credential information transmitted from the management apparatus in a case where the user authentication is successful by the management apparatus, (Brugger, 919, FIG 9 detect a request from a delegate having a second credential, at the delegation to use the web service with the first credential; 915 determine that the second credential authorizes the delegate to use the web service with the first credential; 920, authorize access to the web service with the first credential for use by the second credential of the delegate; [0014] describes the management apparatus; [0037] & [0038] describe a sending to the web server performing user authentication and the delegation process, the second credential information send from the management agent in a case where the user authentication is successful from the management agent)
and specific information determined only between the information processing apparatus and the authentication server, (Brugger, [0017], [0037], [0051]-[0053] & [0057], describes encrypted information [specific information] determined only between the information processing system and the web server that performs user authentication) and
receive the first credential information transmitted from the authentication server according to a result of verification of the transmitted second credential information (Brugger, [0003] & [0074] describes receiving the first credential information transmitted from the web server that performs authentication in response to the transmission of the second credential information) and the specific information)
and the specific information, (Brugger, [0017], [0037], [0051]-[0053] & [0057], describes encrypted information [specific information] determined only between the information processing system and the web server that performs user authentication)

Claim 10 is rejected under 35 U.S.C. 103 as being unpatentable over Brugger et al (“Brugger,” US 20150007269), Sidman et al (“Sidman,” US 20090192944) in view of Kong et al (“Kong,” US 20180191700) and further in view of Koo et al (“Koo,” US 20170127276). 

Regarding claim 10, Brugger, Sidman and Kong disclose the information processing apparatus according to claim 1. 
Brugger, Sidman and Kong fail to explicitly disclose further comprising: a memory, wherein the memory stores third credential information for updating the first
credential information and acquiring the updated first credential information, and the
third credential information comprising a refresh token issued by the authentication
server for updating the first token, wherein the processor is further configured to
transmit the third credential information stored in the memory to the authentication server, and receive the first credential information transmitted from the authentication
server in a case where the transmitted third credential information is confirmed to be
valid by the authentication server.
However, in an analogous art, Kong discloses further comprising: a memory, wherein the memory stores third credential information for updating the first credential information and acquiring the updated first credential information,, wherein the processor is further configured to transmit the third credential information stored in the memory to the authentication server, and receive the first credential information transmitted from the authentication server in a case where the transmitted third credential information is confirmed to be valid by the authentication server, (Kong, [0052], [0006]-[0007]; FIG 2 & [0050]-[0053] describes a memory wherein the memory stores third credential information for updating the first credential information and acquiring the updated first credential information stored in the memory of the authentication server, and receive the first credential information sent from the authentication server in a case where the transmitted third credential information is confirmed to be valid by the authentication server)
Therefore, it would have been obvious to one of ordinary skill in the art before the
effective filing date of the claimed invention to combine the teachings of Kong with
the method and system of Brugger and Sidman to include further comprising: a memory, wherein the memory stores third credential information for updating the first
credential information and acquiring the updated first credential information,  wherein the processor is further configured to transmit the third credential information stored in the memory to the authentication server, and receive the first credential information transmitted from the authentication server in a case where the transmitted third credential information is confirmed to be valid by the authentication server. One would have been motivated to securely maintain a user session for a long period of time, and in some embodiments across multiple hosted services and/or multiple devices (Kong, [0005]).
Brugger, Sidman and Kong fail to explicitly disclose and the third credential information comprising a refresh token issued by the authentication server for updating the first token. 
However, in an analogous art, Koo discloses and the third credential information comprising a refresh token issued by the authentication server for updating the first token, (Koo, [0053], [0056]-[0062] & [0090]-[0091], describes and the third credential information comprising a refresh token issued by the authentication server for updated the first token)
Therefore, it would have been obvious to one of ordinary skill in the art before the
effective filing date of the claimed invention to combine the teachings of Koo with
the method and system of Brugger, Sidman and Kong to include and the third credential information comprising a refresh token issued by the authentication server for updating the first token. One would have been motivated to transmit and receive authentication information in a wireless communication system (Koo, [0002])


Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action.                                                                                                                                                                                                                                                                                                                      
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JAMES J WILCOX whose telephone number is (571)270-3774. The examiner can normally be reached M-F: 8 A.M. to 5 P.M..
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu T. Pham can be reached on (571)270-5002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/JAMES J WILCOX/Examiner, Art Unit 2439    



/LUU T PHAM/Supervisory Patent Examiner, Art Unit 2439