DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This Office Action is in response to the application 16/836179 filed on 03/03/2022.
Claims 1-2, 4-9 and 13-17 have been examined and are pending in this application. 

Response to Arguments
The rejections of claims 1-7 under 35 U.S.C. § 101 are withdrawn as the claims have been amended.
The indicated allowability of claim 12 is withdrawn in view of the newly discovered reference(s) Mathew et al. (US 2017/0118202).  Rejections based on the newly cited reference(s) follow.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person.


Claims 1, 7-8 and 16-17 are rejected under 35 U.S.C. 103 as being unpatentable over Hamel et al. (“Hamel,” US 2019/0306143) in view of Corella (US 2009/0320107) and Mathew et al. (“Mathew,” US 2017/0118202).

Regarding claim 1: Hamel discloses an authentication system comprising:
an authentication server (Hamel: fig. 1);
a plurality of client devices including a first client device (Hamel: ¶0030 plurality of user systems associated with one or more users); and 
an external server (Hamel: ¶0046 third party credential server), wherein 
the authentication server, at least one of the client device, and the external server are connected to one another via a network (Hamel: fig. 1),
the authentication server comprises:
a storage that stores a database (Hamel: ¶0033 database system 200 comprises [] storage 210) comprising:
a plurality of pieces of user information (Hamel: ¶0033 user data (e.g., user data stored in user data storage 214) [] user data storage 214 comprises user data describing users associated with database system 200); and
multiple kinds of a plurality of pieces of credential information (Hamel: ¶0033 credentials (e.g., credentials stored in credential storage 216) [] credential storage 216 comprises credentials accessed by database system 200);
a hardware processor (Hamel: fig. 2) that:
upon receiving a first piece of user information from the first client device, determines whether the database contains a first piece of credential information corresponding to the first piece of user information (Hamel: ¶0044 in 1000, a request for credential information associated with user information is received. In 1002, a user associated with the user information is located in a database system. In 1004, a set of credentials associated with the user is determined),
upon determining that the database contains the first piece of credential information, sends to the first client device the first piece of credential information (Hamel: ¶0044 in 1006, credential information associated with the credentials is determined. In 1008, the credential information is provided).
Hamel does disclose credential information associated with user information provided but does not explicitly disclose logging into an application or service provided by the external server via each of the client devices, a central processing unit (CPU), allow a user to log into the application or service provided via the first client device, upon determining that database does not contain the first piece of credential information, creates and stores a first piece of pseudo credential information in the database, and sends to the first client device the first piece of pseudo credential information required to allow the user to log into the application or service provided via the first client device, the first client device transmits an authentication request with the first piece of credential information or the first piece of pseudo credential information to the external server, the external server: authenticating the user of the first client device using the first piece of credential information or the first piece of pseudo credential information.
However, Corella discloses logging into an application or service provided by the external server via each of the client devices (Corella: ¶0033 the user uses this instance-specific login form to log in to the selected virtual application instance, by providing a user ID and a password [i.e., credentials]);
comprises a central processing unit (CPU) (Corella: fig. 13; ¶0061 central processing unit (CPU) 342 of computer system 330), 
allow a user to log into the application or service provided via the first client device (Corella: ¶0036 access is granted to multi-user application 90 within a user account upon receipt of a login request 96 having a login ID and login password respectively matching a user password and userID of the user account),
upon determining that database does not contain the first piece of credential information, creates and stores a first piece of pseudo credential information in the database, and sends to the first client device the first piece of pseudo credential information required to allow the user to log into the application or service provided via the first client device (Corella: ¶0050 at 220 login module 50 computes the hash of the salt stored in salt field 160 of user record 139 and the password entered by the user in password input 140 of login form 134. At 222, process 200 queries whether the computed hash matches the hash contained in hash field 162 of user record 142; ¶0051 if the answer to the query at 234 is “no”, process 200 proceeds to 236 wherein login module 50 generates a random session ID [i.e. pseudo credential information] and adds a login session record 150 to the table of login session records 148 of the instance database 54, the record containing the session ID in field 174; ¶0052 at 238, a welcome page is downloaded and a cookie containing the session ID as its value is set in the user's browser, such as browser38 of user36. The cookie is returned to Web application 32 by browser 38 with each subsequent HTTP request a request to access the virtual application instance),
the first client device transmits an authentication request with the first piece of credential information or the first piece of pseudo credential information to the external server (Corella: ¶0044 process 200 begins at 202 with a receipt of a login form [i.e. authentication request] submitted by a user, such as login form 134 submitted by user36 [...] login form 134 is an HTML form having three data inputs: an instance name input 136, a User ID input 138, and a password input 139; ¶0045 after filling out login form 134, the login request is transmitted from browser 38 to ASP Web site 32 (e.g., to a server computer)), and
the external server: authenticating the user of the first client device using the first piece of credential information or the first piece of pseudo credential information (Corella: ¶0052 a request to access the virtual application instance [...] is authenticated by verifying that the session ID contained in the cookie that accompanies the request matches the session ID field 174 of a login session record).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Corella with the system/method of Hamel to include creates and stores a first piece of pseudo credential information in the database, and sends to the first client device the first piece of pseudo credential information required to allow the user to log into the application or service provided via the first client device.
One would have been motivated to providing a method of controlling access to an interaction context of an application, including receiving login requests pertaining to an access account (Corella: ¶0008).
Hamel in view of Corella does not explicitly disclose upon determining that a storage of the external server does not contain the first pieces of pseudo credential information, requests the first client device to input a password or a user ID of the user, and upon receiving the password or the user ID from the first client device, registers the pseudo credential information so as to be associated with the password or the user ID in the storage, the pseudo credential information being used to allow the user to log into the application or service provided via the first client device.
However, Mathew discloses upon determining that a storage of the external server does not contain the first pieces of pseudo credential information, requests the first client device to input a password or a user ID of the user (Mathew: ¶0081 upon determining that the user is not authenticated to access a resource, session engine 306 may send a request to client device 302 for user credential information [i.e., password/user ID] ("request for user credentials"), at step 330), and
upon receiving the password or the user ID from the first client device, registers the pseudo credential information so as to be associated with the password or the user ID in the storage (Mathew: ¶0083 session engine 306 may verify the user identification information by determining whether the user identification information is valid (e.g., exists) and if so, whether it is associated with the user; ¶0049 upon receiving a system validation request, system validation manager 146 [] may determine temporary access information (e.g., a one-time password) for verification by user 102 [] access management system 140 may store temporary access information in a data store 160 ("temporary passwords")), the pseudo credential information being used to allow the user to log into the application or service provided via the first client device (Mathew: ¶0087 at step 362, client device 302 may send the temporary access information to the access management system (e.g., session engine 306) to continue the process for system validation).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Mathew with the system/method of Hamel and Corella to include registers the pseudo credential information so as to be associated with the password or the user ID in the storage to allow the user to log into the application.
One would have been motivated to managing access to resources for enabling a user to determine the authenticity of an access management system before the user provides credential information to the access management system (Mathew: ¶0010).

Regarding claim 7: Hamel in view of Corella and Mathew discloses the authentication system according to claim 1.
Hamel further discloses wherein the client devices include at least one of a security door, a Multifunction Peripheral (MFP), a cellular phone, a personal computer (PC), and Internet of Things (IoT) device (Hamel: ¶0035 user system 400 comprises a personal computer, a mobile device, a tablet computer).

Regarding claim 8: Hamel discloses an authentication method using an authentication server that is connected to a plurality of client devices via a network, and comprises a storage and a processor, the method comprising:
storing, in the storage (Hamel: ¶0033 database system 200 comprises [...] storage 210), a database comprising:
a plurality of pieces of user information (Hamel: ¶0033 user data (e.g., user data stored in user data storage 214) [...] user data storage 214 comprises user data describing users associated with database system 200); and
multiple kinds of a plurality of pieces of credential information (Hamel: ¶0033 credentials (e.g., credentials stored in credential storage 216) [...] credential storage 216 comprises credentials accessed by database system 200); 
upon the processor receiving a first piece of user information from a first client device, determining, by the processor, whether the database contains a first piece of credential information corresponding to the first piece of user information (Hamel: ¶0044 in 1000, a request for credential information associated with user information is received. In 1002, a user associated with the user information is located in a database system. In 1004, a set of credentials associated with the user is determined),
upon the processor determining that the database contains the first piece of credential information, sending, by the processor to the first client device, the first piece of credential information (Hamel: ¶0044 in 1006, credential information associated with the credentials is determined. In 1008, the credential information is provided).
logging into an application or service provided by the external server via each of the client devices, allow a user to log into the application or service provided via the first client device, upon the processor determining that database does not contain the first piece of credential information, creating and storing, by the processor, a first piece of pseudo credential information in the database, and sending to the first client device the first piece of pseudo credential information required to allow the user to log into the application or service provided via the first client device, transmitting, by the first client device, an authentication request with the first piece of credential information or the first piece of pseudo credential information to the external server, authenticating, by the external server, the user of the first client device using the first piece of credential information or the first piece of pseudo credential information.
However, Corella discloses logging into an application or service provided by the external server via each of the client devices (Corella: ¶0033 the user uses this instance-specific login form to log in to the selected virtual application instance, by providing a user ID and a password [i.e., credentials]);
allow a user to log into the application or service provided via the first client device (Corella: ¶0036 access is granted to multi-user application 90 within a user account upon receipt of a login request 96 having a login ID and login password respectively matching a user password and userID of the user account),
upon the processor determining that database does not contain the first piece of credential information, creating and storing, by the processor, a first piece of pseudo credential information in the database, and sending to the first client device the first piece of pseudo credential information required to allow the user to log into the application or service provided via the first client device (Corella: ¶0050 at 220 login module 50 computes the hash of the salt stored in salt field 160 of user record 139 and the password entered by the user in password input 140 of login form 134. At 222, process 200 queries whether the computed hash matches the hash contained in hash field 162 of user record 142; ¶0051 if the answer to the query at 234 is “no”, process 200 proceeds to 236 wherein login module 50 generates a random session ID [i.e. pseudo credential information] and adds a login session record 150 to the table of login session records 148 of the instance database 54, the record containing the session ID in field 174; ¶0052 at 238, a welcome page is downloaded and a cookie containing the session ID as its value is set in the user's browser, such as browser38 of user36. The cookie is returned to Web application 32 by browser 38 with each subsequent HTTP request a request to access the virtual application instance),
transmitting, by the first client device, an authentication request with the first piece of credential information or the first piece of pseudo credential information to the external server (Corella: ¶0044 process 200 begins at 202 with a receipt of a login form [i.e. authentication request] submitted by a user, such as login form 134 submitted by user36 [...] login form 134 is an HTML form having three data inputs: an instance name input 136, a User ID input 138, and a password input 139; ¶0045 after filling out login form 134, the login request is transmitted from browser 38 to ASP Web site 32 (e.g., to a server computer)), and
authenticating, by the external server, the user of the first client device using the first piece of credential information or the first piece of pseudo credential information (Corella: ¶0052 a request to access the virtual application instance [...] is authenticated by verifying that the session ID contained in the cookie that accompanies the request matches the session ID field 174 of a login session record).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Corella with the system/method of Hamel to include creates and stores a first piece of pseudo credential information in the database, and sends to the first client device the first piece of pseudo credential information required to allow the user to log into the application or service provided via the first client device.
One would have been motivated to providing a method of controlling access to an interaction context of an application, including receiving login requests pertaining to an access account (Corella: ¶0008).
Hamel in view of Corella does not explicitly disclose upon the external server determining that a storage of the external server does not contain the first pieces of pseudo credential information, requesting, by the external server, the first client device to input a password or a user ID of the user, and upon the external server receiving the password or the user ID from the first client device, registering, by the external server, the pseudo credential information so as to be associated with the password or the user ID in the storage, the pseudo credential information being used to allow the user to log into the application or service provided via the first client device.
However, Mathew discloses upon the external server determining that a storage of the external server does not contain the first pieces of pseudo credential information, requesting, by the external server, the first client device to input a password or a user ID of the user (Mathew: ¶0081 upon determining that the user is not authenticated to access a resource, session engine 306 may send a request to client device 302 for user credential information [i.e., password/user ID] ("request for user credentials"), at step 330), and
upon the external server receiving the password or the user ID from the first client device, registering, by the external server, the pseudo credential information so as to be associated with the password or the user ID in the storage (Mathew: ¶0083 session engine 306 may verify the user identification information by determining whether the user identification information is valid (e.g., exists) and if so, whether it is associated with the user; ¶0049 upon receiving a system validation request, system validation manager 146 [] may determine temporary access information (e.g., a one-time password) for verification by user 102 [] access management system 140 may store temporary access information in a data store 160 ("temporary passwords")), the pseudo credential information being used to allow the user to log into the application or service provided via the first client device (Mathew: ¶0087 at step 362, client device 302 may send the temporary access information to the access management system (e.g., session engine 306) to continue the process for system validation).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Mathew with the system/method of Hamel and Corella to include registers the pseudo credential information so as to be associated with the password or the user ID in the storage to allow the user to log into the application.
One would have been motivated to managing access to resources for enabling a user to determine the authenticity of an access management system before the user provides credential information to the access management system (Mathew: ¶0010).

Regarding claim 16: Claim 16 is similar in scope to claim 7, and is therefore rejected under similar rationale.

Regarding claim 17: Hamel discloses a non-transitory computer readable medium (CRM) storing computer readable program code that is executed by a computer as an authentication server being connected to a plurality of client devices and comprising a storage and a processor, and causes the computer to execute:
storing, in the storage (Hamel: ¶0033 database system 200 comprises [] storage 210), a database comprising:
a plurality of pieces of user information (Hamel: ¶0033 user data (e.g., user data stored in user data storage 214) [] user data storage 214 comprises user data describing users associated with database system 200); and
multiple kinds of a plurality of pieces of credential information (Hamel: ¶0033 credentials (e.g., credentials stored in credential storage 216) [] credential storage 216 comprises credentials accessed by database system 200);
upon the processor receiving a first piece of user information from a first client device, determining, by the processor, whether the database contains a first piece of credential information corresponding to the first piece of user information (Hamel: ¶0044 in 1000, a request for credential information associated with user information is received. In 1002, a user associated with the user information is located in a database system. In 1004, a set of credentials associated with the user is determined); and
upon the processor determining that the database contains the first piece of credential information, sending, by the processor to the first client device, the first piece of credential information (Hamel: ¶0044 in 1006, credential information associated with the credentials is determined. In 1008, the credential information is provided).
Hamel does disclose credential information associated with user information provided but does not explicitly disclose allow a user to log into the application or service provided via the first client device, upon the processor determining that database does not contain the first piece of credential information, creating and storing, by the processor, a first piece of pseudo credential information in the database, and sending to the first client device the first piece of pseudo credential information required to allow the user to log into the application or service provided via the first client device, transmitting, by the first client device, an authentication request with the first piece of credential information or the first piece of pseudo credential information to the external server, authenticating, by the external server, the user of the first client device using the first piece of credential information or the first piece of pseudo credential information.
However, Corella discloses logging into an application or service provided by the external server via each of the client devices (Corella: ¶0033 the user uses this instance-specific login form to log in to the selected virtual application instance, by providing a user ID and a password [i.e., credentials]);
allow a user to log into the application or service provided via the first client device (Corella: ¶0036 access is granted to multi-user application 90 within a user account upon receipt of a login request 96 having a login ID and login password respectively matching a user password and userID of the user account),
upon the processor determining that database does not contain the first piece of credential information, creating and storing, by the processor, a first piece of pseudo credential information in the database, and sending to the first client device the first piece of pseudo credential information required to allow the user to log into the application or service provided via the first client device (Corella: ¶0050 at 220 login module 50 computes the hash of the salt stored in salt field 160 of user record 139 and the password entered by the user in password input 140 of login form 134. At 222, process 200 queries whether the computed hash matches the hash contained in hash field 162 of user record 142; ¶0051 if the answer to the query at 234 is “no”, process 200 proceeds to 236 wherein login module 50 generates a random session ID [i.e. pseudo credential information] and adds a login session record 150 to the table of login session records 148 of the instance database 54, the record containing the session ID in field 174; ¶0052 at 238, a welcome page is downloaded and a cookie containing the session ID as its value is set in the user's browser, such as browser38 of user36. The cookie is returned to Web application 32 by browser 38 with each subsequent HTTP request a request to access the virtual application instance),
transmitting, by the first client device, an authentication request with the first piece of credential information or the first piece of pseudo credential information to the external server (Corella: ¶0044 process 200 begins at 202 with a receipt of a login form [i.e. authentication request] submitted by a user, such as login form 134 submitted by user36 [...] login form 134 is an HTML form having three data inputs: an instance name input 136, a User ID input 138, and a password input 139; ¶0045 after filling out login form 134, the login request is transmitted from browser 38 to ASP Web site 32 (e.g., to a server computer)), and
authenticating, by the external server, the user of the first client device using the first piece of credential information or the first piece of pseudo credential information (Corella: ¶0052 a request to access the virtual application instance [...] is authenticated by verifying that the session ID contained in the cookie that accompanies the request matches the session ID field 174 of a login session record).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Corella with the system/method of Hamel to include creates and stores a first piece of pseudo credential information in the database, and sends to the first client device the first piece of pseudo credential information required to allow the user to log into the application or service provided via the first client device.
One would have been motivated to providing a method of controlling access to an interaction context of an application, including receiving login requests pertaining to an access account (Corella: ¶0008).
Hamel in view of Corella does not explicitly disclose upon the external server determining that a storage of the external server does not contain the first pieces of pseudo credential information, requesting, by the external server, the first client device to input a password or a user ID of the user, and upon the external server receiving the password or the user ID from the first client device, registering, by the external server, the pseudo credential information so as to be associated with the password or the user ID in the storage, the pseudo credential information being used to allow the user to log into the application or service provided via the first client device.
However, Mathew discloses upon the external server determining that a storage of the external server does not contain the first pieces of pseudo credential information, requesting, by the external server, the first client device to input a password or a user ID of the user (Mathew: ¶0081 upon determining that the user is not authenticated to access a resource, session engine 306 may send a request to client device 302 for user credential information [i.e., password/user ID] ("request for user credentials"), at step 330), and
upon the external server receiving the password or the user ID from the first client device, registering, by the external server, the pseudo credential information so as to be associated with the password or the user ID in the storage (Mathew: ¶0083 session engine 306 may verify the user identification information by determining whether the user identification information is valid (e.g., exists) and if so, whether it is associated with the user; ¶0049 upon receiving a system validation request, system validation manager 146 [] may determine temporary access information (e.g., a one-time password) for verification by user 102 [] access management system 140 may store temporary access information in a data store 160 ("temporary passwords")), the pseudo credential information being used to allow the user to log into the application or service provided via the first client device (Mathew: ¶0087 at step 362, client device 302 may send the temporary access information to the access management system (e.g., session engine 306) to continue the process for system validation).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Mathew with the system/method of Hamel and Corella to include registers the pseudo credential information so as to be associated with the password or the user ID in the storage to allow the user to log into the application.
One would have been motivated to managing access to resources for enabling a user to determine the authenticity of an access management system before the user provides credential information to the access management system (Mathew: ¶0010).


Claims 2, 4, 9 and 13 are rejected under 35 U.S.C. 103 as being unpatentable over Hamel et al. (“Hamel,” US 2019/0306143) in view of Corella (US 2009/0320107), Mathew et al. (“Mathew,” US 2017/0118202) and Koya et al. (“Koya,” US 2018/0324159).

Regarding claim 2: Hamel in view of Corella and Mathew discloses the authentication system according to claim 1.
Corella further discloses pseudo credential information (Corella: ¶0051 generates a random session ID [i.e. pseudo credential information]).
The motivation is the same that of claim 1 above.
Hamel in view of Corella and Mathew does not explicitly disclose wherein the multiple kinds of the plurality of pieces of credential information include a password, a user ID, certificate information.
However, Koya discloses wherein the multiple kinds of the plurality of pieces of credential information include a password, a user ID, certificate information (Koya: ¶0106 credentials may include any type of information needed in order to access the devices. These may include userid/password pairs, certificates).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Koya with the system/method of Hamel, Corella and Mathew to include wherein the multiple kinds of the plurality of pieces of credential information include a password, a user ID, certificate information.
One would have been motivated to remotely accessing multiple computer devices through the use of the appropriate credentials (Koya: ¶0003). 

Regarding claim 4: Hamel in view of Corella and Mathew discloses the authentication system according to claim 1.
Hamel in view of Corella and Mathew does not explicitly disclose wherein the storage further stores a priority level for each of the first pieces of credential information, and the hardware processor selects one or more of the first pieces of credential information based on the priority level, and sends the selected one or more of the first pieces of credential information to the first client device.
However, Koya discloses wherein the storage further stores a priority level for each of the first pieces of credential information (Koya: ¶0112 any other type of credential, may be stored in a table with additional fields. These additional fields may include [...] a priority of the credential amongst credentials of the same type), and
the hardware processor selects one or more of the first pieces of credential information based on the priority level, and sends the selected one or more of the first pieces of credential information to the first client device (Koya: ¶0126 if multiple SSH credentials are found and a label is not specified in the request, the SSH credentials with the highest priority may be selected. If a label is specified in the request, the SSH credentials associated with the label and having the highest priority may be selected. As noted above, if multiple credentials with the same priority fit the selection criteria, one of these credentials may be randomly selected).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Koya with the system/method of Hamel, Corella and Mathew to include stores a priority level for each of the first pieces of credential information and selects one or more of the first pieces of credential information based on the priority level.
One would have been motivated to facilitate communication and movement of data between managed network be able to establish and maintain secure communication sessions with one or more customer instances of remote network management platform (Koya: ¶0067).

Regarding claim 9: Claim 9 is similar in scope to claim 2, and is therefore rejected under similar rationale.

Regarding claim 13: Claim 13 is similar in scope to claim 4, and is therefore rejected under similar rationale.

Claims 5-6 and 14-15 are rejected under 35 U.S.C. 103 as being unpatentable over Hamel et al. (“Hamel,” US 2019/0306143) in view of Corella (US 2009/0320107), Mathew et al. (“Mathew,” US 2017/0118202) and Park (US 2017 /0193723).

Regarding claim 5: Hamel in view of Corella and Mathew discloses the authentication system according to claim 1.
Hamel in view of Corella and Mathew does not explicitly disclose wherein upon receiving necessary credential information from the first client device, the hardware processor searches the database for the first piece of credential information that coincides with the necessary credential information using the first piece of user information as a search key to determine whether the database contains the first piece of credential information.
However, Park discloses wherein upon receiving necessary credential information from the first client device, the hardware processor searches the database for the first piece of credential information that coincides with the necessary credential information using the first piece of user information as a search key to determine whether the database contains the first piece of credential information (Park: ¶0108 an iris recognition module (120) having a system processor (123) for comparing the iris pattern of the user approaching said door-lock with the stored iris pattern and authenticating the user depending on the comparison result [...] the visitor's face  [i.e. credential information] is data compressed by said iris recognition module (120) and transmitted to the network gateway (200) that registers the mobile terminal information [i.e. user information] and allows the communication between said mobile terminal (300) and said digital door lock (100)).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Park with the system/method of Hamel, Corella and Mathew to include searches the database for the first piece of credential information that coincides with the necessary credential information.
One would have been motivated to authenticating the user based on comparing the stored biometric information with the biometric information inputted by the user (Park: ¶0016). 

Regarding claim 6: Hamel in view of Corella and Mathew discloses the authentication system according to claim 1.
Hamel in view of Corella and Mathew does not explicitly disclose wherein the storage further stores user attribute information that includes physical feature information and user preference information and the hardware processor sends, to the first client device, the user attribute information that corresponds to the first piece of user information.
However, Park discloses wherein the storage further stores user attribute information that includes physical feature information and user preference information (Park: ¶0013 the iris recognition module comprises a face photographing means to take the face picture of the user approaching the door-lock; ¶0017 the biometric information [i.e. physical feature information] is the characteristic identification information including iris pattern information, finger print information, retina information, and facial information; ¶0108 an iris recognition module (120) having a system processor (123) for comparing the iris pattern [i.e. preference information] of the user approaching said door-lock with the stored iris pattern and authenticating the user depending on the comparison result), and
the hardware processor sends, to the first client device, the user attribute information that corresponds to the first piece of user information (Park: ¶0109 the network gateway (200) registers the information of the mobile terminal that will transmit the visitor's face picture approaching the digital lock (100) [...] said network gateway (200) delivers the visitor's face picture that the digital lock (100) has taken to the mobile terminal (300)).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Park with the system/method of Hamel, Corella and Mathew to include storing, in the storage, user attribute information that includes physical feature information and user preference information.
One would have been motivated to providing the security system for the additional user authentication (Park: ¶0086). 

Regarding claim 14: Claim 14 is similar in scope to claim 5, and is therefore rejected under similar rationale.

Regarding claim 15: Claim 15 is similar in scope to claim 6, and is therefore rejected under similar rationale.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Fahimeh Mohammadi whose telephone number is (571)270-7857. The examiner can normally be reached Monday - Friday 9:00 - 5:00.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached on 5712705002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/FAHIMEH MOHAMMADI/ Examiner, Art Unit 2439                                                                                                                                                                                                        
/KARI L SCHMIDT/Primary Examiner, Art Unit 2439