Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions.
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

DETAILED ACTION
Claims 1-27 are pending in this office action. Claims 8 and 18 have been cancelled. Claims 26-27 have been newly added.

Priority
No foreign priority is claimed.

Response to Arguments
Applicant presents arguments regarding the presence or absence of claimed limitations in the prior art. However, applicant has amended the claims and in so doing has changed their scope. The responses as well as any applicable new grounds of rejection, necessitated by applicant's amendments, are outlined below.


Applicant argues:
Guo in view of Pinner does not teach or suggest claim 1's element of "determining, by one or more processors, a realm from a mapping of TOTPs and realms, based on said TOTP". Guo merely states that "the user device 302 may then send the user ID... to determine the appropriate realm in which the user should seek authentication." (Emphasis added). In contrast, claim 1 recites "determining, by one or more processors, a realm from a mapping of TOTPs and realms, based on said TOTP". Pinner does not cure the deficiencies of Guo by teaching or suggesting claim 1's element of "determining, by one or more processors, a realm from a mapping of TOTPs and realms, based on said TOTP". While Pinner does generally describe that "authentication credentials... can include a combination of a username and password, a cryptographic certificate, a one-time password, or a combination of several authentication credentials", Pinner fails to teach or suggest claim 1's element of "determining, by one or more processors, a realm from a mapping of TOTPs and realms, based on said TOTP".
Examiner Response:
Regarding argument (a), examiner respectfully disagrees with applicant. The newly added limitation recites - “determining, by one or more processors, a realm from a mapping of TOTPs and realms, based on said TOTP”, wherein it is claimed that a mapping of TOTPs and realms is used to determine a realm which is further used to authenticate a user with username in said realm. Examiner would like to clarify again, based on the rejection, that Guo teaches determining the realm of a received username of the user using a mapping of usernames and realms (para 0024-0026, 0028, 0046 - mapping between user IDs and realms), however the aspect of other credentials that are mapped to respective realms and utilized in associated authentication processes may be a logical extension of Guo’s teachings, which are also disclosed by Pinner, as also explained in the rejection below. Pinner discloses authentication credentials comprising combinations of username, password including TOTP etc. which are linked to user accounts which in turn are permitted to access federated services or realms based on mapping of credentials including TOTP to the federated service (para 0021-0025 - “…each of the federated services 123 can have a different set of authentication credentials 133 linked to the user account 129, such as a different user name and password combination, the SSO token 136 allows the user to authenticate once with the identity manager 113…”). The combination thus teaches that a mapping can be between realm and different credential elements such as username, password, TOTP or a combination of those, and extending the teaching of Guo that discloses username-to-realm mapping, to further include other types of credentials as disclosed by Pinner, would be routine skill in the art, as would also be obvious to enhance the security features of the system.


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-5, 7, 9-15, 17, 19-25, 27 are rejected under 35 U.S.C. 103 as being unpatentable over Guo et al. (US 2017/0295166 A1, hereinafter Guo), in view of Pinner et al. (US 2020/0021574 A1, Pinner hereinafter).
For claim 1, Guo teaches a computer-implemented method comprising: maintaining, by one or more processors, a mapping of usernames and realms (para 0024-0026, 0028, 0046 - mapping between user IDs and realms);
receiving, by one or more processors, credentials including a username and a password for said username based on an authentication application (para 0020, 0024, 0026 - user credentials are received including a username and password based on an authentication application UI);
subsequent to receiving said credentials: determining, by one or more processors, a realm from said mapping based on said received username and said password (para 0024-0026, 0028, 0032 - realm is discovered or determined based on entering or receiving of the credentials, i.e. user ID and the password, in the UI); and 
requesting, by one or more processors, entry of a credential relating to said username in said realm (para 0024-0025, 0028, 0030, 0039-0040 - entering or provisioning of the additional credential such as password or a token in the discovered realm, after the realm is discovered for the user ID based on entering of the credentials); and 
subsequent to receiving of said requested credential, authenticating, by one or more processors, said username by determining that said received credential matches an expected credential for said realm (para 0026-0027, 0032-0033).
Guo teaches use of passwords and tokens as discussed above, and it is very well-known in the art that OTP may be used for added security wherein the code expires in a set time. Guo does not appear to explicitly disclose, however Pinner discloses, receiving a username and a time-based one-time password code (TOTP code) for said username, and determining a realm from said mapping based on said username and said TOTP (para 0021-0026 - credentials may include username and other passcodes such as OTP and TOTP, to determine and provide access to realms or federated services, the authentication credentials comprising combinations of username, password including TOTP etc. which are linked to user accounts which in turn are permitted to access federated services or realms based on mapping of credentials including TOTP to the federated service; Pinner para 0023 - “…each of the federated services 123 can have a different set of authentication credentials 133 linked to the user account 129, such as a different user name and password combination, the SSO token 136 allows the user to authenticate once with the identity manager 113…” - indicating that a mapping can be between realm and different credential elements such as username, password, TOTP or a combination of those, to further include other types of credentials).
Based on Guo in view of Pinner, it would have been obvious to one of ordinary skill in the art before the effective filing date of the invention, to utilize teachings of Pinner in the system of Guo by incorporating well-known aspect of time-based single use passwords or TOTP, and the associations with computing environment, thereby restricting the area of use, to enhance system security using additional authentication factors and making the system more robust.

For claim 2, Guo in view of Pinner teaches the claimed subject matter as discussed above. Guo further teaches receiving, by one or more processors, said username and said password in two steps (para 0020, 0024-0025 - password is entered separately in the UI as a second step in addition to entering the username, or password sent separately as a second step). Guo does not disclose, however Pinner teaches receiving TOTP as password (para 0021-0024, 0026 - credentials may include username and other passcodes such as OTP and TOTP).

For claim 3, Guo in view of Pinner teaches the claimed subject matter as discussed above. Guo further teaches the method of claim 2, and providing, by one or more processors, a user-interface adapted for receiving said username and said password (para 0020, 0024, 0026 - user credentials are received including a username and password based on an authentication application UI). Guo does not disclose, however Pinner teaches receiving TOTP as password (para 0021-0024, 0026 - credentials may include username and other passcodes such as OTP and TOTP).

For claim 4, Guo in view of Pinner teaches the claimed subject matter as discussed above. Guo further teaches the method of claim 3, wherein said user interface is a command line interface (para 0020, 0024, 0033, 0060 - typing or entering in UI indicating credential entry form/space).

For claim 5, Guo in view of Pinner teaches the claimed subject matter as discussed above. Guo further teaches receiving, by one or more processors, said username and said password in a single step process (para 0020, 0024-0025 - username and password entered in the UI considered as one step). Guo does not disclose, however Pinner teaches receiving TOTP as password (para 0021-0024, 0026 - credentials may include username and other passcodes such as OTP and TOTP).

For claim 7, Guo in view of Pinner teaches the claimed subject matter as discussed above. Guo further teaches wherein said authentication application is a client-side application (para 0023, 0026 - user browser-based authentication application), however Pinner teaches authentication application is a client-side TOTP generator (para 0021-0024, 0030, 0057, 0076 - client browser generating requests with tokens).

For claim 9, Guo in view of Pinner teaches the claimed subject matter as discussed above. Guo already teaches wherein said mapping is performed using a database (para 0005, 0024, 0028 - realm mapping list as a database or datastore), wherein the database comprises tables as well-known in the art, and therefore it is implied that mapping is performed using a table as part of the database. Further, Pinner also discloses hash tables or database tables for mapping data values to be stored (para 0015 - hash tables and relational databases with tables).

For claim 10, Guo in view of Pinner teaches the claimed subject matter as discussed above. Guo further teaches determining, by one or more processors, that said passcode is valid or not, and terminating authentication process (para 0032-0033, 0045). Guo does not disclose, however Pinner teaches determining that said TOTP is no longer valid; and subsequent to determining that said TOTP is no longer valid, terminating a process (para 0022-0023, 0026, 0036-0037, 0055 - token as a time-based passcode that expires upon certain duration and failing a process).

As to claim 11, the claim limitations are similar to those of claim 1, except claim 11 is drawn to a computer program product for authentication of a username, the computer program product comprising: one or more computer readable storage media, and program instructions collectively stored on the one or more computer readable storage media (Fig. 1, 9; para 0058-0059), the program instructions comprising program instructions to perform the method of claim 1. Therefore claim 11 is rejected according to claim 1.

As to claims 12-15, 17, 19-20, the claim limitations are similar to those of claims 2-5, 7, 9-10 respectively. Therefore claims 12-15, 17, 19-20 are rejected according to claims 2-5, 7, 9-10 respectively as above.

As to claim 21, the claim limitations are similar to those of claim 1, except claim 21 is drawn to a computer system for authentication of a username, the computer system comprising: one or more computer processors, one or more computer readable storage media, and program instructions collectively stored on the one or more computer readable storage media for execution by at least one of the one or more computer processors (Fig. 1, 9; para 0057-0059), the program instructions comprising program instructions to perform the method of claim 1. Therefore claim 21 is rejected according to claim 1.

As to claims 22-25, the claim limitations are similar to those of claims 2-5 respectively. Therefore claims 22-25 are rejected according to claims 2-5 respectively as above.

For claim 27, Guo in view of Pinner teaches the claimed subject matter as discussed above. Although Guo teaches account authority with accounts associated with multiple realms (para 0003), Guo does not disclose, however Pinner teaches wherein said username is associated with a plurality of realms (para 0023-0025, 0027, 0061 - user associated with plurality of realms or federated services).


Claims 6, 16, and 26 are rejected under 35 U.S.C. 103 as being unpatentable over Guo et al. (US 2017/0295166 A1, hereinafter Guo), in view of Pinner et al. (US 2020/0021574 A1, Pinner hereinafter), and further in view of Gordon et al. (US 2021/0014224 A1, Gordon hereinafter).

For claims 6 and 16, Guo in view of Pinner teaches the claimed subject matter as discussed above. Although Guo teaches internet domain as a realm, and instant messaging and application modules as realms (para 0003, 0024, 0028, 0048) which implies a computing environment required to host and deploy applications and wherein it is obviously well-known in the art that cloud computing environment may be used, Guo and Pinner do not disclose, however Gordon teaches wherein said realm is selected from the group consisting of: an application in a cloud computing environment, and a software development environment (para 0035, 0038-0039, 0045 - cloud and network environment of realms, as an extensible aspect for development and production level application hosting, that may be incorporated by combination of Guo, Pinner and Gordon).

For claim 26, Guo in view of Pinner teaches the claimed subject matter as discussed above. Although Guo teaches many realms across network (para 0003-0004, 0017-0018), and Pinner teaches federated services across network (para 0012-0013), Guo and Pinner do not appear to explicitly disclose, however Gordon teaches wherein each realm is a sub group of dynamically configurable computing resources in a cloud computing environment (para 0035, 0038, 0042, 0045 - configurable cloud and network environment of realms, as an extensible aspect that may be incorporated by combination of Guo, Pinner and Gordon).

    
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JAYESH M JHAVERI whose telephone number is (571)270-7584. The examiner can normally be reached Mon-Fri 9 AM to 5 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, JEFFREY PWU can be reached on (571) 272-6798. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/JAYESH M JHAVERI/Primary Examiner, Art Unit 2433