DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Applicant's amendments filed on 08/17/2022 have been received and entered.  Currently Claims 1-20 are pending.

Response to Arguments
Applicant argues on page 7 of applicant’s remarks that Hinton in view of Ahmed and Kode does not teach or suggest “…reception of the security token by the enterprise server from the security token service…” and “communicate the security token from the enterprise server to the legacy access provider” as recited in the amended claims.
The examiner respectfully disagrees.  The examiner refers to the below 103 rejections.  In particular, Hinton teaches point of contact server (e.g. enterprise server) receiving a token issued from a trust proxy (e.g. STS) ([0096]-[0097], [0131]). Hinton further teaches communicating the token from the point of contact server to the legacy provider (e.g. domain 620) ([0103], [0131]-[0132], [0136]).

Applicant argues on page 7 of applicant’s remarks that Hinton in view of Ahmed and Kode does not teach or suggest “cause the legacy access provider to initiate communication with the security token service to request that security token service authenticate the security token” as recited in the amended claims.
Applicant’s arguments are moot in view of the below new ground(s) of rejection.


Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-6, 9-11 and 15-20 are rejected under 35 U.S.C. 103 as being unpatentable over Hinton et al. US2006/0236382 hereinafter referred to as Hinton, in view of Ahmed et al. US2014/0337954 hereinafter referred to as Ahmed, Kode et al. US2015/0339464 hereinafter referred to as Kode, and Hinton et al. US2009/0205032 hereinafter referred to as Hinton ‘032.
As per claim 1, Hinton teaches a system for securely accessing legacy data, the system comprising: an enterprise server including at least a processor and a memory, the enterprise server configured to communicate with at least (a) a security token service configured to issue a security token, (b) a legacy access provider configured to receive the security token, and (c) a legacy system configured to store the legacy data (Hinton paragraph [0096], [0103], [0129], [0131], enterprise communicate with security token service configured to issue token. paragraph [0101], [0103], [0132], [0136], legacy provider receives token; paragraph [0087], [0089], legacy resources); 
the processor configured to execute instructions stored on the memory to cause the enterprise server to: (i) associate a first user account with the security token upon reception of the security token by the enterprise server from the security token service; (ii) communicate the security token from the enterprise server to the legacy access provider for authentication of the security token; (iv) enable creation of a second user account and the legacy access provider verifies authentication of the security token; (iv) access the legacy system via the first user account and the second user account (Hinton paragraph [0097], [0124], [0131], [0166]-[0167], generate and associate the token with the user; paragraph [0101], [0103], [0131]-[0132], [0136], [0168], legacy provider receives token and verifies authentication; paragraph [0132], [0168], [0170]-[0172], [0196], create account at the legacy service provider and provide access to legacy resources)(the legacy resource is accessible via the enterprise/identity provider account and the newly created legacy local account).
Hinton does not explicitly disclose enable creation of a second user account after authenticates security token.
Ahmed teaches enable creation of a second user account after authenticates security token (Ahmed paragraph [0039], [0058], authenticate token and then create account).
Thus it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Hinton with the teachings of Ahmed to include creating the account after authentication of the token in order to allow local account creation for only authorized users.
Hinton in view of Ahmed does not explicitly disclose (v) cause at least user account to be deleted after a single use of system.  
Kode teaches (v) cause at least user account to be deleted after a single use of system (Kode paragraph [0024], [0028], [0036], create account, use system, logoff and delete account).
Thus it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Hinton in view of Ahmed with the teachings of Kode to include deleting an account after logoff because the results would have been predictable and resulted in the deletion of the local account when the user logs off.  It would have also been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Hinton in view of Ahmed with the teachings of Kode to include deleting an account after logoff in order to provide account management of the locally created account.
Hinton in view of Ahmed and Kode does not explicitly disclose (iii) cause access provider to initiate communication with security token service to request that security token service authenticate security token.
Hinton ‘032 teaches (iii) cause access provider to initiate communication with security token service to request that security token service authenticate security token (Hinton ‘032 paragraph [0023]-[0024], [0026], communicate with STS to authenticate token).
Thus it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Hinton in view of Ahmed and Kode with the teachings of Hinton ‘032 to include communicating with the STS to authenticate the token in order to provide enhanced authentication of the request for access and the token.

As per claim 2, Hinton in view of Ahmed, Kode and Hinton ‘032 teaches the system of claim 1, which includes a user interface in operative communication with the enterprise server, the user interface configured to enable access to enterprise data stored by the enterprise system and to legacy data stored by the legacy system (Hinton paragraph [0087], [0092], [0103], [0129], [0131], [0165], user interface to access enterprise data and legacy system).  

As per claim 3, Hinton in view of Ahmed, Kode and Hinton ‘032 teaches the system of claim 2, wherein the enterprise server is configured cause at least one indicia to be added on the user interface upon reception of the security token, and wherein selection of the at least one indicia causes the communication of the security token to the legacy access provider (Hinton paragraph [0131], [0159], [0167], receive token and redirect to the legacy service provider with the token).  

As per claim 4, Hinton in view of Ahmed, Kode and Hinton ‘032 teaches the system of claim 1, which includes the security token service, wherein the security token service includes an STS server having an STS processor and an STS memory, the STS processor configured to execute instructions stored on the STS memory to cause the STS server to issue the security token in response to a request by the enterprise server (Hinton paragraph [0096], [0100], [0103], [0129], [0131], enterprise communicate with security token service configured to issue token.).  

As per claim 5, Hinton in view of Ahmed, Kode and Hinton ‘032 teaches the system of claim 1, which includes the legacy system, wherein the legacy system includes a legacy server having a legacy processor and a legacy memory, the legacy processor configured to execute instructions stored on the legacy memory to cause the legacy server to create the second user account upon authentication of the security token (Hinton paragraph [0035], [0101], [0103], [0131]-[0132], [0136], legacy provider receives token; paragraph [0132], [0168], [0170]-[0172], [0196], create account at the legacy service provider and provide access to legacy resources; Ahmed paragraph [0039], [0058], authenticate token and then create account).  

As per claim 6, Hinton in view of Ahmed, Kode and Hinton ‘032 teaches the system of claim 5, which includes the legacy access provider, wherein the legacy access provider includes an access server having an access processor and an access memory, the access processor configured to execute instructions stored on the access memory to cause the access server to enable communication between the enterprise server and the legacy server upon authentication of the security token (Hinton paragraph [0035], [0101], [0103], [0131]-[0132], [0136], legacy provider receives token; paragraph [0132], [0168], [0170]-[0172], [0176]-[0178], [0196], create account at the legacy service provider, communicate with enterprise server/identity provider, and provide access to legacy resources; Ahmed paragraph [0039], [0058], [0060], authenticate token and then create account). 

As per claim 9, Hinton teaches a method for securely accessing a legacy system via an enterprise system, the method comprising: requesting issuance of a security token from a security token service (STS) server of a security token service to an enterprise server of an enterprise system (Hinton paragraph [0096], [0103], [0129], [0131], enterprise request security token service to issue token); 
causing, by the enterprise server of the enterprise system, association of a first user account with the security token upon reception of the security token (Hinton paragraph [0097], [0124], [0131], [0166]-[0167], generate and associate the token with the user); 
communicating the security token from the enterprise server of the enterprise system to an access server of a legacy access provider for authentication of the security token (Hinton paragraph [0101], [0103], [0131]-[0132], [0136], legacy provider receives and validates token); 
enabling creation of a second user account and the legacy access provider authenticates the security token (Hinton paragraph [0101], [0103], [0131]-[0132], [0136], legacy provider receives token; paragraph [0132], [0168], [0170]-[0172], [0196], create account at the legacy service provider and provide access to legacy resources); 
accessing a legacy server of a legacy system via the first user account and the second user account (Hinton paragraph [0097], [0124], [0131], [0166]-[0167], generate and associate the token with the user; paragraph [0101], [0103], [0131]-[0132], [0136], legacy provider receives token; paragraph [0132], [0168], [0170]-[0172], [0196], create account at the legacy service provider and provide access to legacy resources)(the legacy resource is accessible via the enterprise/identity provider account and the newly created legacy local account).
Hinton does not explicitly disclose enabling creation of a second user account after authenticates security token.
Ahmed teaches enabling creation of a second user account after authenticates security token (Ahmed paragraph [0039], [0058], authenticate token and then create account).
Thus it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Hinton with the teachings of Ahmed to include creating the account after authentication of the token in order to allow local account creation for only authorized users.
Hinton in view of Ahmed does not explicitly disclose causing at least user account to be deleted after a single use of system.  
Kode teaches causing at least user account to be deleted after a single use of system (Kode paragraph [0024], [0028], [0036], create account, use system, logoff and delete account).  
Thus it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Hinton in view of Ahmed with the teachings of Kode to include deleting an account after logoff because the results would have been predictable and resulted in the deletion of the local account when the user logs off.  It would have also been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Hinton in view of Ahmed with the teachings of Kode to include deleting an account after logoff in order to provide account management of the locally created account.
Hinton in view of Ahmed and Kode does not explicitly disclose causing access provider to initiate communication with STS server of security token service to request that the security token service authenticate security token.
Hinton ‘032 teaches causing access provider to initiate communication with STS server of security token service to request that the security token service authenticate security token (Hinton ‘032 paragraph [0023]-[0024], [0026], communicate with STS to authenticate token).
Thus it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Hinton in view of Ahmed and Kode with the teachings of Hinton ‘032 to include communicating with the STS to authenticate the token in order to provide enhanced authentication of the request for access and the token.

As per claim 10, Hinton in view of Ahmed, Kode and Hinton ‘032 teaches the method of claim 9, which includes accessing the enterprise server and the legacy server using a same user interface (Hinton paragraph [0087], [0092], [0103], [0129], [0131], [0165], user interface to access enterprise data and legacy system).  

As per claim 11, Hinton in view of Ahmed, Kode and Hinton ‘032 teaches the method of claim 9, which includes causing at least one indicia to be added on a user interface upon reception of the security token, and enabling selection of the at least one indicia to cause communication of the security token to the access server (Hinton paragraph [0131], [0159], [0167], receive token and redirect to the legacy service provider with the token).  

As per claim 15, Hinton in view of Ahmed, Kode and Hinton ‘032 teaches the method of claim 9, wherein causing at least the second user account to be deleted includes automatically causing the second user account to be deleted upon a user logging out of the second user account (Hinton paragraph [0132], [0168], [0170]-[0172], [0196], create account at the legacy service provider and provide access to legacy resources; Kode paragraph [0024], [0028], [0036], create account, use system, logoff and delete account).  

As per claim 16, Hinton teaches a method for securely accessing a legacy system via an enterprise system, the method comprising: logging into an enterprise server of an enterprise system via a user interface (Hinton paragraph [0129]-[0130], [0164], logging into an enterprise system); 
causing, via input using the user interface, issuance of a security token from a security token service (STS) server of a security token service to the enterprise server of the enterprise system (Hinton paragraph [0096], [0103], [0129], [0131], enterprise communicate with security token service configured to issue token.); 
selecting, via input using the user interface, an indicia created after issuance of the security token to cause communication of the security token from the enterprise server of the enterprise system to an access server of a legacy access provider (Hinton paragraph [0131], [0159], [0167], receive token and redirect to the legacy service provider with the token); 
accessing, via the user interface, a legacy server of a legacy system upon creation of a user account and authentication of the security token (Hinton paragraph [0101], [0103], [0131]-[0132], [0136], legacy provider receives token; paragraph [0132], [0168], [0170]-[0172], [0196], create account at the legacy service provider and provide access to legacy resources).
Hinton does not explicitly disclose creation of a user account in response to authentication of security token.
Ahmed teaches creation of a user account in response to authentication of security token (Ahmed paragraph [0039], [0058], authenticate token and then create account).
Thus it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Hinton with the teachings of Ahmed to include creating the account after authentication of the token in order to allow local account creation for only authorized users.
Hinton in view of Ahmed does not explicitly disclose causing, via input using user interface, user account to be deleted after a single use of system.
Kode teaches causing, via input using user interface, user account to be deleted after a single use of system (Kode paragraph [0024], [0028], [0036], create account, use system, user logs off, and account is deleted).
Thus it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Hinton in view of Ahmed with the teachings of Kode to include deleting an account after logoff because the results would have been predictable and resulted in the deletion of the local account when the user logs off.  It would have also been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Hinton in view of Ahmed with the teachings of Kode to include deleting an account after logoff in order to provide account management of the locally created account.
Hinton in view of Ahmed and Kode does not explicitly disclose causing access provider to initiate communication with STS server of security token service to request that the security token service authenticate security token.
Hinton ‘032 teaches causing access provider to initiate communication with STS server of security token service to request that the security token service authenticate security token (Hinton ‘032 paragraph [0023]-[0024], [0026], communicate with STS to authenticate token).
Thus it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Hinton in view of Ahmed and Kode with the teachings of Hinton ‘032 to include communicating with the STS to authenticate the token in order to provide enhanced authentication of the request for access and the token.

As per claim 17, Hinton in view of Ahmed, Kode and Hinton ‘032 teaches the method of claim 16, wherein the user account is a second user account (Hinton paragraph [0101], [0103], [0131]-[0132], [0136], legacy provider receives token; paragraph [0132], [0168], [0170]-[0172], [0196], create account at the legacy service provider and provide access to legacy resources), and 
wherein the method further includes causing creation of a first user account by the enterprise server upon reception of the security token (Hinton paragraph [0131], [0166], receive token and create user account).  

As per claim 18, Hinton in view of Ahmed, Kode and Hinton ‘032 teaches the method of claim 17, which includes causing the first user account and the second user account to be deleted after a single use of the legacy system (Hinton paragraph [0132], [0168], [0170]-[0172], [0196], create account at the legacy service provider and provide access to legacy resources; paragraph [0131], [0166], receive token and create user account; Kode paragraph [0024], [0028], [0036], create account, use system, user logs off, and account is deleted; Ahmed paragraph [0043], [0084]).  

As per claim 19, Hinton in view of Ahmed, Kode and Hinton ‘032 teaches the method of claim 16, wherein causing the user account to be deleted includes logging off of the user interface (Hinton paragraph [0132], [0168], [0170]-[0172], [0196], create account at the legacy service provider and provide access to legacy resources; Kode paragraph [0024], [0028], [0036], create account, use system, user logs off, and account is deleted). 

As per claim 20, Hinton in view of Ahmed, Kode and Hinton ‘032 teaches the method of claim 16, wherein causing the user account to be deleted includes selecting a corresponding indicia using the user interface (Hinton paragraph [0132], [0168], [0170]-[0172], [0196], create account at the legacy service provider and provide access to legacy resources; Kode paragraph [0024], [0028], [0036], create account, use system, user logs off, and account is deleted)(It is obvious that the user selects an indicia in order to close the application or log off the system).

Claims 7-8 and 12-13 are rejected under 35 U.S.C. 103 as being unpatentable over Hinton in view of Ahmed, Kode and Hinton ‘032, and further in view of Busboon US2006/0155993.
As per claim 7, Hinton in view of Ahmed, Kode and Hinton ‘032 teaches the system of claim 1, wherein the first user account is identifiable only by a data string (Hinton paragraph [0130], [0166], first user account).
Hinton in view of Ahmed, Kode and Hinton ‘032 does not explicitly disclose automatically generated random data string.
Busboon teaches automatically generated random data string (Busboon paragraph [0079], [0110], generate random ID).
Thus it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Hinton in view of Ahmed, Kode and Hinton ‘032 with the teachings of Busboon to include generating a random ID in order to provide anonymization of the federated single sign-on.

As per claim 8, Hinton in view of Ahmed, Kode and Hinton ‘032 teaches the system of claim 1, wherein the second user account is identifiable only by a data string (Hinton paragraph [0170], [0191], second user account).
Hinton in view of Ahmed, Kode and Hinton ‘032 does not explicitly disclose automatically generated random data string.
Busboon teaches automatically generated random data string (Busboon paragraph [0079], [0110], generate random ID).
Thus it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Hinton in view of Ahmed, Kode and Hinton ‘032 with the teachings of Busboon to include generating a random ID in order to provide anonymization of the federated single sign-on.

As per claim 12, Hinton in view of Ahmed, Kode and Hinton ‘032 teaches the method of claim 9, which includes identifying the first user account only by a data string (Hinton paragraph [0130], [0166], first user account).
Hinton in view of Ahmed, Kode and Hinton ‘032 does not explicitly disclose automatically generated random data string.
Busboon teaches automatically generated random data string (Busboon paragraph [0079], [0110], generate random ID).
Thus it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Hinton in view of Ahmed, Kode and Hinton ‘032 with the teachings of Busboon to include generating a random ID in order to provide anonymization of the federated single sign-on.

As per claim 13, Hinton in view of Ahmed, Kode and Hinton ‘032 teaches the method of claim 9, which includes identifying the second user account only by a data string (Hinton paragraph [0170], [0191], second user account).
Hinton in view of Ahmed and Kode does not explicitly disclose automatically generated random data string.
Busboon teaches automatically generated random data string (Busboon paragraph [0079], [0110], generate random ID).
Thus it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Hinton in view of Ahmed, Kode and Hinton ‘032 with the teachings of Busboon to include generating a random ID in order to provide anonymization of the federated single sign-on.

Claim 14 is rejected under 35 U.S.C. 103 as being unpatentable over Hinton in view of Ahmed, Kode and Hinton ‘032, and further in view of Blakley, III et al. US2004/0128393 hereinafter referred to as Blakley.
As per claim 14, Hinton in view of Ahmed, Kode and Hinton ‘032 teaches the method of claim 9, wherein causing at least the second user account to be deleted includes automatically causing the second user account to be deleted (Hinton paragraph [0132], [0168], [0170]-[0172], [0196], create account at the legacy service provider and provide access to legacy resources; Kode paragraph [0024], [0028], [0036], create account, use system, logoff and delete account).  
Hinton in view of Ahmed, Kode and Hinton ‘032 does not explicitly disclose causing second user account to be logged off upon a user logging out of first user account.
Blakley teaches causing second user account to be logged off upon a user logging out of first user account (Blakley paragraph [0170], [0172], causing second account to be logged off when user logs off first account).
Thus it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Hinton in view of Ahmed, Kode and Hinton ‘032 with the teachings of Blakley to include causing a second account to be logged off when user logs off a first account in order to provide consolidated sign-off of the federated single sign-on sessions.

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HENRY TSANG whose telephone number is (571)270-7959. The examiner can normally be reached M-F 8am - 5pm EST.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached on (571) 272-3739. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/HENRY TSANG/             Primary Examiner, Art Unit 2495