DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Allowable Subject Matter
Claims 1-20 are allowed.
The following is an examiner’s statement of reasons for allowance: 
The prior art, Khalil (US 11336634B2), discloses that a device can establish an identity for an individual by communicating with a first set of devices. The first set of devices can include a user device, a first server device associated with a certificate authority, or a second server device associated with an identity provider. The device can authenticate the identity of the individual by communicating with a second set of devices. The second set of devices can include the user device, or a third server device associated with a first service provider. The device can authorize the identity of the individual to be used by one or more service providers by communicating with a third set of devices. The third set of devices can include the user device, the third server device, or a fourth server device associated with a second service provider.
The prior art, Xie (US 20220086134A1), discloses allowing the user to select the credentials that are weak out of fear of misremembering stronger credentials, so that the users can use the same credentials for logging into multiple accounts hosted by multiple web applications, thus avoiding exposing the users to credential cracking, and hence preventing the users from misusing the same username and password combination for their email, banking, entertainment services, and professional services accounts in an effective manner.
The prior art, Yee (US 20220060469A1), discloses utilizing cloud computing as a model of service delivery for enabling convenient, on-demand network access to a shared pool of configurable computing resources that can be rapidly provisioned and released with minimal management effort or interaction with a provider of the service. The method allows a cloud consumer to unilaterally provision computing capabilities, such as server time and network storage, as needed automatically without requiring human interaction with the service's provider.
The prior art, Heldt-Sheller (US 20210176638A1), discloses user-authorized onboarding of a device using a public authorization service. A 3-way authorization protocol is used to coordinate device onboarding among several Internet of Things (IoT) Fog users (e.g., devices in a common network topology or domain) with principles of least privilege. Respective onboarding steps may be assigned for performance by different Fog ‘owners’ such as respective users and clients. Each owner may rely on a separate authorization protocol or user interaction to be notified of and to give approval for the specific onboarding action(s) assigned.
The prior art, Sharma (US 10992474B2), discloses validating an authentication result received via a first user device; generating, in response to validating the authentication result, a proof of authentication that relates to the authentication performed via the first user device; outputting the proof of authentication to the first user device; receiving, via a second user device in connection with a request to access a protected resource, cryptographic information comprising at least a portion of the proof of authentication output to the first user device; validating the cryptographic information received via the second user device against the proof of authentication; and granting, to the second user device, access to the protected resource in response to validating the cryptographic information against the proof of authentication.
The prior art, Anderson (US 20190075115A1), discloses accessing cloud resources via a local application development environment on a computing device. The method includes invoking an access management client at the computing device; obtaining an account identifier associated with a user account and communicating the account identifier to an identity platform; receiving an authentication message from the identity platform in response to the identity platform validating the account identifier, the authentication message comprising a role identifier; communicating the authentication message to the cloud platform; receiving security credentials associated with the role identifier from the cloud platform in response to the cloud platform validating the authentication message and the associated role identifier; setting a variable in the local development environment based on the received security credentials for use by the local development environment to request access to one or more resources maintained by the cloud platform.
The prior art, Shiralkar (US 20220124098A1), discloses that identity providers simplify the user experience by allowing users of service providers to configure authentication processes on a single identity provider and subsequently rely on that identity provider to authenticate on one or multiple client service providers that use the identity provider. The third-party service provider determines whether to provide the client device access to the one or more services in accordance with the determined access level, after determining the access level.
The prior art, Hinton (US 20080021997A1), discloses performing an identity provider migration operation with respect to a user within a federated computational environment, wherein the user has a first user account at a first identity provider, a second user account at a second identity provider, and a third user account at a service provider. A request to access a resource is received by the service provider, after which a federated single-sign-on operation for the user is performed between the service provider and the first identity provider. Prior to sending a response to the request to access the protected resource, information in the third user account is modified to indicate that the service provider relies upon the second identity provider to authenticate the user on behalf of the service provider rather than the first identity provider. A response for the request to access the resource is then returned by the service provider.
The prior art, Hyland (US 20140310792A1), discloses integrating client-side single sign-on (SSO) authentication security infrastructure with a mobile authorization protocol that provides clients with secured SSO mobile access to third-party services. Embodiments of this invention leverage SSO authentication protocols that are utilized at many client-side systems already and integrate these SSO authentication protocols with a mobile SSO authorization protocol, thereby effectively extending the SSO framework to mobile service requests of web services at third-party service provider systems. Embodiments of the present invention provide a secure and automated solution which may be implemented in any existing client-side SSO frameworks with minimum cost and time, while providing a lightweight and secure solution that allows users using either native applications or mobile web applications to access third-party web services.
The prior art, Newstadt (US 9137228B1), discloses using a third-party session ID to access services provided by a third party, and an authentication augmentation system responsive to authenticating a user according to an additional authentication technique. An augmented authenticated identity for the user is redirected by the system to a service provider, where the identity comprises an authenticated identity for the user authenticated by an identity provider according to a default authentication of the service provider and an indication that the user is authenticated according to the technique.
The prior art, Varley (US 20170251025A1), discloses distributed data verification between a relying party server and a client device using data attested by at least one attestation server. Entities are loosely coupled, while still allowing for authentication data and transaction data to be tightly coupled in any given interaction. There need not be any prior relationships between relying parties and attestation servers, or between relying parties and users. A common syntax enables a relying party to define what types of attested data items will be accepted for a particular transaction, without having to predetermine all possible sources of identification a user may wish to provide. The relying party may not know the source of the attested data items a priori, but can nevertheless determine if they are satisfactory once they are received.
The prior art, Angal (EP 2761522B1), discloses that in order to achieve the ability to interact with multiple different resource servers, the generic OAuth authorization server maintains mapping data that indicates which tokens belong to which resource servers, who the trusted partners of each resource server are, etc. Furthermore, in an embodiment of the invention, the generic OAuth framework is constructed in such a manner that a resource server administrator can easily customize the framework to accommodate the particular use case for his resource server. Different resource server administrators can "plug-in" their specific components into the generic OAuth framework. Thus, in one embodiment of the invention, each resource server informs the generic OAuth authorization server regarding the potential scopes (i.e., limited operations relative to resources) that the resource server might use.
The prior art, Belote (WO 2015171517A1), discloses invoking a trusted broker application executing on a client device, using an application uniform resource locator (URL) and including a public token portion, verifying that a third-party application is authorized for use with single sign-on, providing the public token portion to an identity provider by the trusted broker application, associating the public token portion with a user, and initiating authentication of the user by the third-party application by sending an identifier indicating identity verification of the user to the third-party application.
However, the prior art, either alone or in combination, does not expressly disclose “receiving, by an authentication system through input to an identity provider profile interface, a request to provide authentication via a third-party identity provider through authentication integrations, the request to provide authentication including identity provider integration information for the third-party identity provider; generating, by the authentication system, an identity provider profile for the third-party identity provider using the identity provider integration information; receiving, through input to an authentication integration interface, a request to generate an authentication integration with the third-party identity provider for a client system of the authentication system; and generating the authentication integration using the identity provider profile and the client integration information for the client system, the authentication integration configured to enable authentication of users of the client system by the authentication system using the third-party identity provider.”
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to KENDALL DOLLY whose telephone number is (571)270-1948. The examiner can normally be reached Monday-Thursday 8am-5pm (EST) and Friday 8am-12pm (EST).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shewaye Gelagay, can be reached on (571)272-4219. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/KENDALL DOLLY/Primary Examiner, Art Unit 2436