DETAILED ACTION
This Office Action is in response to the communication filed on 03/12/2021.
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Terminal Disclaimer
The terminal disclaimer filed on 07/26/2022 disclaiming the terminal portion of any patent granted on this application which would extend beyond the expiration date of Patent number 10986082 has been reviewed and is accepted. The terminal disclaimer has been recorded.
Examiner's Amendment
An Examiner's amendment to the record appears below. Should the changes and/or additions be unacceptable to applicants, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this Examiner's amendment was given in a discussion with Kirk Sigmon (Reg. No. 76326) on 07/27/2022.
The application has been amended as follows:
1. 	(Currently Amended) A method comprising:
connecting, by a server, a client device to a virtual desktop session, hosted by the server, based on authentication of a token with a first broker machine, wherein the server is a virtual delivery agent (VDA), and wherein the token corresponds to the client device and comprises an enterprise user identifier (ID) and information that identifies the virtual desktop session;
creating, by the server, a local user account based on the enterprise user ID, wherein the local user account has a same name as a name associated with the enterprise user ID; 
detecting a disconnection of the virtual desktop session hosted by the server;
receiving a request to reconnect to the virtual desktop session, wherein the request is usable to identify the token;
determining that the first broker machine is unavailable to authenticate the token; and
reconnecting the client device to the virtual desktop session using the local user account and based on authentication of the token with a second broker machine different from the first broker machine and having an authentication key synchronized with the first broker machine.
2.	(Canceled).
5-6.	(Canceled).
7.	(Currently Amended) The method of claim 1, wherein creating the local user account comprises generating a random password for the local user account.
8.	(Currently Amended) One or more non-transitory computer readable media storing computer readable instructions that, when executed, configure a server to perform:
establishing a connection between the server and a client device for a virtual desktop session, hosted by the server, based on authentication, with a first broker machine, of a token corresponding to the client device, wherein the server is a virtual delivery agent (VDA), and wherein the token comprises an enterprise user identifier (ID) and information that identifies the virtual desktop session;
creating, by the server, a local user account based on the enterprise user ID, wherein the local user account has a same name as a name associated with the enterprise user ID; 
detecting a disconnection of the virtual desktop session;
receiving a reconnection request for the virtual desktop session, wherein the reconnection request is usable to identify the token;
determining that the first broker machine is not available to authenticate the token; and
reconnecting the client device to the virtual desktop session using the local user account and based on authenticating the token with a second broker machine different from the first broker machine and having an authentication key synchronized with the first broker machine.
9.	(Canceled).
12-13.	(Canceled).
14.	(Currently Amended) The computer readable media of claim 8, wherein creating the local user account comprises generating a random password for the local user account.
15.	(Currently Amended) A method for connecting to a virtual desktop, comprising:
authenticating, at a first broker machine, a user request to connect to a virtual delivery agent (VDA), wherein the user request comprises a user identifier (ID);
generating, at the first broker machine and based on [[the]]a private key synchronized between the first broker machine and a second broker machine different from the first broker machine, a token comprising the user ID;
providing the token from the first broker machine to the VDA;
receiving, at the VDA, a request to logon to a preexisting session on the VDA, the request to logon comprising 
determining, by the VDA, the token corresponding to the connection data;
authenticating, by the VDA and responsive to receiving the request to logon, the token by sending the token to [[a]]the second broker machine different from the first broker machine;
prior to authenticating the token by sending the token to the second broker machine, determining that the first broker machine is unavailable; and
connecting a client device to the preexisting session in response to authentication of the token by the second broker machine and using a shadow user account created based on the user ID and has a same account name as an enterprise account of a user corresponding to the user ID.
16.	(Currently Amended) The method of claim 15, further comprising: sending, from the first broker machine, a connection file to the client device, wherein the to logon received at the VDA comprises the connection file, and wherein determining the token by the VDA is based at least in part on data in the connection file.
17.	(Currently Amended) The method of claim 15, further comprising: generating, based on authentication of the user ID, a shadow user account ID corresponding to the user ID; and automatically creating the shadow user account at the VDA
18-20.	(Canceled).

Allowable Subject Matter
Claims 1, 3-4, 7-8, 10-11, and 14-17 are allowed.
Prior art found:
Prior art US 2016/0134616 discloses a service provider system including an application fulfillment platform that delivers desktop applications to desktops on physical computing devices or virtual desktop instances. A computing resource instance may be registered with the platform, which generates a unique identifier and a security token for the computing resource instance using multiple authentication mechanisms. An end user of a customer organization may be registered with the platform, which generates a unique identifier and a security token for the end user using multiple authentication mechanisms. An application delivery agent may submit service requests to the platform on behalf of itself or the given user. The identity and security credentials included in the requests may be dependent on the request type and the entities on whose behalf they are submitted. A proxy service on the platform may receive the requests and validate the credentials, then dispatch the requests to other services on the platform.
Prior art US 2017/0257215 discloses a computer in an untrusted cloud network functions as a cloud-based enterprise application store via which a client computer establishes a connection to an enterprise application in a trusted enterprise network. 
Prior art US 2019/0273746 discloses systems and methods for identity and access management in a service mesh that includes a plurality of interconnected microservices. A token associated with a request may be enriched based on the context data and sent to at least one other microservice. A database of security policies for each of the microservices may be maintained. 
Prior art US 2019/0018697 discloses a hybrid account logon for logging into remote desktops. In contrast to purely local or domain user accounts, the hybrid account logon combines local and domain accounts by, among other things, using a hybrid authentication package to build a local primary interactive logon token providing credentials for both local and domain-based accounts.
The following is an examiner's statement of reasons for allowance:
Regarding independent claim 1: None of the prior art of record discloses, individually or in a reasonable combination, the following combination of limitations as recited in claim 1: "creating, by the server, a local user account based on the enterprise user ID, wherein the local user account has a same name as a name associated with the enterprise user ID…determining that the first broker machine is unavailable to authenticate the token; and reconnecting the client device to the virtual desktop session using the local user account and based on authentication of the token with a second broker machine different from the first broker machine and having an authentication key synchronized with the first broker machine" in combination with other limitations as a whole and in the context recited in claim 1.
Regarding independent claim 8: None of the prior art of record discloses, individually or in a reasonable combination, the following combination of limitations as recited in claim 8: "creating, by the server, a local user account based on the enterprise user ID, wherein the local user account has a same name as a name associated with the enterprise user ID…determining that the first broker machine is not available to authenticate the token; and reconnecting the client device to the virtual desktop session using the local user account and based on authenticating the token with a second broker machine different from the first broker machine and having an authentication key synchronized with the first broker machine" in combination with other limitations as a whole and in the context recited in claim 8.
Regarding independent claim 15: None of the prior art of record discloses, individually or in a reasonable combination, the following combination of limitations as recited in claim 15: "generating, at the first broker machine and based on a private key synchronized between the first broker machine and a second broker machine different from the first broker machine, a token comprising the user ID…prior to authenticating the token by sending the token to the second broker machine, determining that the first broker machine is unavailable; and connecting a client device to the preexisting session in response to authentication of the token by the second broker machine and using a shadow user account created based on the user ID and has a same account name as an enterprise account of a user corresponding to the user ID" in combination with other limitations as a whole and in the context recited in claim 15.
Regarding dependent claims: Dependent claims are allowed as they depend from allowable independent claims.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions should be clearly labeled "Comments on Statement of Reasons for Allowance."
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to AMIE C LIN whose telephone number is (571)272-7752. The examiner can normally be reached M-F 9:00 AM - 5:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, GELAGAY SHEWAYE, can be reached on (571)272-4219. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/AMIE C. LIN/Primary Examiner, Art Unit 2436