DETAILED ACTION
Responsive to the Applicant reply filed on 07/05/2022, Applicant’s amendments to claims have been entered and respective arguments carefully considered and responded in following.
On this merit, First Action Interview Pilot program’s procedure ends and normal processing begins.
The 35 USC § 102 and 103 rejection previously set forth in the First Action Interview mailed on 05/05/2022 is withdrawn.
Claims 3, 4, 7, 10, 11, 14 and 15-20 are rejected under 35 U.S.C. 112(b).
Claims 1-20 are pending. The Claims are rejected under the 35 USC § 103.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Amendment
The amendment filed on 07/05/2022 has been entered. 
Applicant’s amendment filed on 07/05/2022 to Drawing has overcome the drawing objection previously set forth in the First office action mailed on 05/05/2022. Therefore the drawing objection previously set forth is withdrawn.
Claims 1, 8 and 15 have been amended.

Response to Arguments
Applicant’s arguments with respect to claims 1, 8 and 15 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument. Upon further consideration, a new ground(s) of rejection is made in view of Gailloux et al. (US 9338658 B1) in view of Lunsford et al. (US 10685131 B1). Please refer to the 35 U.S.C. § 103 section below for the detailed rejection.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


Claims 3, 4, 7, 10, 11, 14 and 15-20 are rejected under 35 U.S.C. 112(b).
Claims 3, 4, 7, 10, 11 and 14 respectively recite the limitation "the particular type of account".  There is insufficient antecedent basis for this limitation in the claims. “the particular type of account” should be “the particular type of new account” or other clarifications are necessary.
Claim 15 recites the limitation "the particular type of new account". There is insufficient antecedent basis for this limitation in the claim. “a particular type of account” should be “a particular type of new account” or other clarifications are necessary.
The dependent claims 16-20 inherit the deficiencies of the claim upon which ultimate claim and are rejected as well.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-3, 7-10, 14-18 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Gailloux et al. (US 9338658 B1 hereinafter “Gailloux”) in view of Lunsford et al. (US 10685131 B1 hereinafter “Lunsford”).
Regarding claim 1, (Currently Amended) Gailloux discloses a method comprising: 
based on the user data, determining, by the server computer, a set of assertions for the user, the set of assertions comprising a plurality of facts about the user, where an assertion of the set of assertions is related to an account history of the user (col.9 ln.63-col10. ln.3, At block 204, using the information in the request, the evaluation application (“server computer”) identifies a subscriber account of the account applicant, for example a mobile communication service subscriber account. At block 206, the evaluation application validates the account applicant by matching two or more of name of the account applicant, postal address of the account applicant, or phone number of the account applicant); 
receiving, by the server computer from a relying entity, an assertion request for the user (col.9 ln.55-58, At block 202, an evaluation program or application receives a request from an enterprise new accounts server (“relying entity”) to predict the trustworthiness of an account applicant); and
responsive to the assertion request, providing, by the server computer to the relying entity, the assertion, of the set of assertions, related to the account history of the user (col.10 ln.28-42, At block 210, the evaluation application (“server computer”) generates a confidence report (“assertion”) about the trustworthiness of the account applicant based on the information found in the plurality of data stores. At block 212, the evaluation application transmits the confidence report to the enterprise server; col.5 ln.47-52, Confidence factors (“account history of the user”) may comprise the presence or absence of Voice mail redirect events, changing out of mobile communication device events, payment history and adding international calling service vents. Each of the factors may be given a predetermined different weight of importance),
 wherein the relying entity thereby grants the user a particular type of new account based on the assertion (col.10 ln.43-49, the enterprise uses the confidence report to determine whether it will open an account, not open an account, or to look up more information about the account applicant. the enterprise may open the new account for the account applicant based on the confidence report). 
However, Gailloux does not discloses “receiving, by a server computer from a trusted entity computer, user data corresponding to a user.” 
In a same field of endeavor, Lunsford discloses the method, wherein receiving, by a server computer from a trusted entity computer, user data corresponding to a user (col.8 ln.01-03, To extract the plurality of data vectors 182 for the user, the website may receive a user identifier 104 from the client device 102). 
Before the effective filing date, it would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by Gailloux with the teachings of Lunsford to include the concept of “receiving, by a server computer from a trusted entity computer, user data corresponding to a user.” One of ordinary skill in the art would have been motivated to make this modification because the website may receive a user identifier 104 from the client device 102 in order to extract the plurality of data vectors 182 for the user (col.8 ln.08-12).

Regarding claim 2, (Original) the combination of Gailloux and Lunsford discloses the method of claim 1, wherein the assertions do not include personally identifiable information about the user (Gailloux: col.5 ln.47-52, Confidence factors (“account history of the user”) may comprise the presence or absence of Voice mail redirect events, changing out of mobile communication device events, payment history and adding international calling service vents. Each of the factors may be given a predetermined different weight of importance).

Regarding claim 3, (Original) the combination of Gailloux and Lunsford discloses the method of claim 1, wherein the provided assertion specifies the particular type of account (Gailloux: col.10 ln.43-46, the enterprise uses the confidence report to determine whether it will open an account, not open an account, or to look up more information about the account applicant (“specifies the particular type of account”)).

Regarding claim 7, (Original) the combination of Gailloux and Lunsford discloses the method of claim 1, wherein the assertion request is a first assertion request and the particular type of account is a first type of account, the method further comprising:
receiving, by the server computer from the relying entity, a second assertion request for the user (Gailloux: col.9 ln.55-58, At block 202, an evaluation program or application receives a request from an enterprise new accounts server (“relying entity”) to predict the trustworthiness of an account applicant).
responsive to the second assertion request, providing, by the server computer, the assertion (Gailloux: col.10 ln.28-42, At block 210, the evaluation application (“server computer”) generates a confidence report (“assertion”) about the trustworthiness of the account applicant based on the information found in the plurality of data stores. At block 212, the evaluation application transmits the confidence report to the enterprise server), wherein the relying entity thereby refuses the user a second type of account based on the assertion (Gailloux: col.10 ln.49-53, in response to receiving the confidence report with an unfavorable confidence score the enterprise may turn down the account applicant and may not open a new account for the account applicant based on the confidence report).

Regarding claim 8, (Currently Amended) it is a system claim that corresponds to the claim 1. Gailloux further discloses a computer readable medium, operatively coupled to the processor (Gailloux: col. 11, ln.35-43, a computer system 380 suitable for implementing one or more embodiments disclosed herein. The computer system 380 includes a processor 382 (which may be referred to as a central processor unit or CPU) that is in communication with memory devices), for performing a method comprising. Therefore, claim 8 is rejected for at least same reasons as the method of claim 1.

Regarding claim 9, (Original) it is a system claim that corresponds to claim 2. Therefore, the claim is rejected for at least the same reasons as claim 2.

Regarding claim 10, (Original) it is a system claim that corresponds to claim 3. Therefore, the claim is rejected for at least the same reasons as claim 3.

Regarding claim 14, (Original) it is a system claim that corresponds to claim 7. Therefore, the claim is rejected for at least the same reasons as claim 7.

Regarding claim 15, (Currently Amended) Gailloux discloses a method comprising: 
transmitting, by the relying entity computer to a server computer, an assertion request for the user (col.9 ln.55-58, At block 202, an evaluation program or application receives a request from an enterprise new accounts server (“relying entity”) to predict the trustworthiness of an account applicant); 
receiving, by the relying entity computer from the server computer, an assertion, wherein the assertion is based on user data corresponding to the user and comprises a fact about the user that is related to an account history of the user (col.10 ln.28-42, At block 210, the evaluation application (“server computer”) generates a confidence report (“assertion”) about the trustworthiness of the account applicant based on the information found in the plurality of data stores. At block 212, the evaluation application transmits the confidence report to the enterprise server; col.5 ln.47-52, Confidence factors (“account history of the user”) may comprise the presence or absence of Voice mail redirect events, changing out of mobile communication device events, payment history and adding international calling service vents. Each of the factors may be given a predetermined different weight of importance); and 
granting, by the relying entity computer to the user, the particular type of new account based on the received assertion (col.10 ln.43-49, the enterprise uses the confidence report to determine whether it will open an account, not open an account, or to look up more information about the account applicant. the enterprise may open the new account for the account applicant based on the confidence report).
However, Gailloux does not discloses “receiving, by a relying entity computer from a user, a request for a particular type of account”.
In a same field of endeavor, Lunsford discloses the method, wherein receiving, by a relying entity computer from a user, a request for a particular type of account (col.8 ln.01-03, To extract the plurality of data vectors 182 for the user, the website may receive a user identifier 104 from the client device 102). 
Before the effective filing date, it would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by Gailloux and Lunsford with the teachings of Blakley to include  the concept of “receiving, by a relying entity computer from a user, a request for a particular type of account.” One of ordinary skill in the art would have been motivated to make this modification because the website may receive a user identifier 104 from the client device 102 in order to extract the plurality of data vectors 182 for the user (col.8 ln.08-12).

Regarding claim 16, (Original) it is a method claim that corresponds to claim 2. Therefore, the claim is rejected for at least the same reasons as claim 2.

Regarding claim 17, (Original) it is a method claim that corresponds to claim 3. Therefore, the claim is rejected for at least the same reasons as claim 3.

Regarding claim 18, (Original) the combination of Gailloux and Lunsford discloses the method of claim 15, wherein the assertion request is a first assertion request, and the particular type of account is a first type of account, the method further comprising: 
transmitting, by the relying entity computer to the server computer, a second assertion request for the user (Gailloux: col.9 ln.55-58, At block 202, an evaluation program or application receives a request from an enterprise new accounts server (“relying entity”) to predict the trustworthiness of an account applicant); 
responsive to the second assertion request, receiving, by relying entity computer from the server computer, an updated assertion, of the updated set of assertions (Gailloux: col.10 ln.28-42, At block 210, the evaluation application (“server computer”) generates a confidence report (“updated assertion” based on the confidence factors below) about the trustworthiness of the account applicant based on the information found in the plurality of data stores. At block 212, the evaluation application transmits the confidence report to the enterprise server; col.8 ln. 49-51, the confidence report/score 114/116 comprises a confidence score (e.g., a number) that is a weighted sum of confidence factors; col.5 ln.47-52, Confidence factors may comprise the presence or absence of Voice mail redirect events, changing out of mobile communication device events, payment history and adding international calling service vents); and 
granting, by the relying entity computer to the user, a second type of account based on the updated assertion (Gailloux: col.10 ln.43-49, the enterprise uses the confidence report to determine whether it will open an account, not open an account, or to look up more information about the account applicant. The enterprise may open the new account for the account applicant based on the confidence report).

Regarding claim 20, (Original) the combination of Gailloux and Lunsford discloses the method of claim 15, wherein the assertion request is a first assertion request and the particular type of account is a first type of account, the method further comprising: 
transmitting, by the relying entity computer to the server computer, a second assertion request for the user (Gailloux: col.9 ln.55-58, At block 202, an evaluation program or application receives a request from an enterprise new accounts server (“relying entity”) to predict the trustworthiness of an account applicant); 
responsive to the second assertion request, receiving, by relying entity computer from the server computer, the assertion (Gailloux: col.10 ln.28-42, At block 210, the evaluation application (“server computer”) generates a confidence report (“assertion”) about the trustworthiness of the account applicant based on the information found in the plurality of data stores. At block 212, the evaluation application transmits the confidence report to the enterprise server); and 
refusing, by the relying entity computer to the user, a second type of account based on the assertion (Gailloux: col.10 ln.49-53, in response to receiving the confidence report with an unfavorable confidence score the enterprise may turn down the account applicant and may not open a new account for the account applicant based on the confidence report).


Claims 4 and 11 are rejected under 35 U.S.C. 103 as being unpatentable over Gailloux et al. (US 9338658 B1 hereinafter “Gailloux”) in view of Lunsford et al. (US 10685131 B1 hereinafter “Lunsford”) as applied to claims 1 and 8 above, and further in view of PERINCHERRY et al. (US 20170316322 A1  hereinafter “PERINCHERRY”).
Regarding claim 4, (Original) the combination of Gailloux and Lunsford discloses the method of claim 1, wherein the user data is first user data, the assertion request is a first assertion request, and the particular type of account is a first type of account, the method further comprising:
receiving, by the server computer from the trusted entity computer, second user data corresponding to the user (Lunsford: col.8 ln.01-03, To extract the plurality of data vectors 182 for the user, the website may receive a user identifier 104 from the client device 102);
receiving, by the server computer from the relying entity, a second assertion request for the user (Gailloux: col.9 ln.55-58, At block 202, an evaluation program or application receives a request from an enterprise new accounts server (“relying entity”) to predict the trustworthiness of an account applicant); and
responsive to the second assertion request, providing, by the server computer, an [[updated]] assertion, of the updated set of assertions (Gailloux: col.10 ln.28-42, At block 210, the evaluation application (“server computer”) generates a confidence report (“assertion”) about the trustworthiness of the account applicant based on the information found in the plurality of data stores. At block 212, the evaluation application transmits the confidence report to the enterprise server; col.5 ln.47-52, Confidence factors (“account history of the user”) may comprise the presence or absence of Voice mail redirect events, changing out of mobile communication device events, payment history and adding international calling service vents. Each of the factors may be given a predetermined different weight of importance),
wherein the relying entity thereby grants the user a second type of account based on the [[updated]] assertion (Gailloux: col.10 ln.43-49, the enterprise uses the confidence report to determine whether it will open an account, not open an account, or to look up more information about the account applicant. the enterprise may open the new account for the account applicant based on the confidence report).
The combination of Gailloux and Lunsford may not explicitly teach, but PERINCHERRY, which is a same field of endeavor, discloses the method, wherein based on the second user data, updating, by the server computer, the set of assertions for the user to generate an updated set of assertions for the user ([0067] Multidimensional data profile production rules 211D can be configured to make deductions regarding personality traits of an individual or group of individuals. These deductions can be viewed as new assertions and can be kept in memory 207, for example, by updating or modifying a user inclination distribution 209A [“updating the set of assertions based on the second user data”] or a user data dimension 209B in one or more of the user compressed multidimensional data profiles 209).
Before the effective filing date, it would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by Gailloux and Lunsford with the teachings of PERINCHERRY to update, by the server computer, the set of assertions for the user to generate an updated set of assertions for the user based on the second user data. One of ordinary skill in the art would have been motivated to make this modification because a new inferred assertion or action generated upon the execution of a given production rule can have a confidence level (PERINCHERRY: para. 0052).

Regarding claim 11, (Original) it is a system claim that corresponds to claim 4. Therefore, the claim is rejected for at least the same reasons as claim 4.


Claims 5 and 12 are rejected under 35 U.S.C. 103 as being unpatentable over Gailloux et al. (US 9338658 B1 hereinafter “Gailloux”) in view of Lunsford et al. (US 10685131 B1 hereinafter “Lunsford”) in view of PERINCHERRY et al. (US 20170316322 A1  hereinafter “PERINCHERRY”) as applied to claims 4, 11 and 18 above, and further in view of Fischer et al. (US 10009337 B1 hereinafter “Fischer”).
Regarding claim 5, (Original) the combination of Gailloux, Lunsford and PERINCHERRY may not explicitly teach, but Fischer, which is a same field of endeavor, discloses the method of claim 4, wherein the first type of account is subject to more restrictions than the second type of account (Fischer: col. 28, ln. 27-28, FIG. 12 shall be described with reference to the examples illustrated in FIG. 1 and FIGS. 4-5; For example, Tom [“second type of account”], who is an authenticated user within Tenant 1201, is assigned/authorized three roles (e.g., Operator@HR, Admin@Customerservice, Admin@Finance), while Peter [“first type of account”] is only assigned/authorized one role (e.g., Operator@Finance) within Tenant 1201).
Before the effective filing date, it would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by Gailloux, Lunsford and PERINCHERRY with the teachings of Fischer to include  the concept of “the first type of account is subject to more restrictions than the second type of account.” One of ordinary skill in the art would have been motivated to make this modification because with a single login, a user can access the same or different tenants with different roles and different privileges of each role using the same auth token (col. 13, ln. 42-44).

Regarding claim 12, (Original) it is a system claim that corresponds to claim 5. Therefore, the claim is rejected for at least the same reasons as claim 5.


Claims 6 and 13 are rejected under 35 U.S.C. 103 as being unpatentable over Gailloux et al. (US 9338658 B1 hereinafter “Gailloux”) in view of Lunsford et al. (US 10685131 B1 hereinafter “Lunsford”) as applied to claims 1 and 8 above, and further in view of Sandoval (US 20140278991 A1).
Regarding claim 6, (Original) the combination of Gailloux and Lunsford may not explicitly teach, but Sandoval, which is a same field of endeavor, discloses the method of claim 1, wherein: 
prior to transmitting the user data to the server computer, the trusted entity computer receives user permission to share the user data responsive to a request to share the user data ([Sandoval: 0037] The access control module 116 [included in Content Device “trusted entity computer”] can receive an instruction from the user device 102 indicating the user's granting or denial of permission to share the user's data 110. The access control module 116 can process the instruction. For example, if the request is granted by the user [“prior to transmitting the user data to the server computer”], the access control module 116 can store data indicating that the user can redeem the offer associated with the request).
Before the effective filing date, it would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by Gailloux and Lunsford with the teachings of Sandoval to receive user permission, by the trusted entity computer, to share the user data responsive to a request to share the user data prior to transmitting the user data to the server computer. One of ordinary skill in the art would have been motivated to make this modification because the access control module 116 can provide the user data 110 of the user who granted the request to the requesting device 112. As another example, if the request is denied by the user, the access control module 116 can store data indicating that the user denied the request (Sandoval: para. 0037).

Regarding claim 13, (Original) it is a system claim that corresponds to claim 6. Therefore, the claim is rejected for at least the same reasons as claim 6.


Claim 19 is rejected under 35 U.S.C. 103 as being unpatentable over Gailloux et al. (US 9338658 B1 hereinafter “Gailloux”) in view of Lunsford et al. (US 10685131 B1 hereinafter “Lunsford”) as applied to claims 18 above, and further in view of Fischer et al. (US 10009337 B1 hereinafter “Fischer”).
Regarding claim 19, (Original) the combination of Gailloux and Lunsford may not explicitly teach, but Fischer, which is a same field of endeavor, discloses the method of claim 18, wherein the first type of account is subject to more restrictions than the second type of account (Fischer: col. 28, ln. 27-28, FIG. 12 shall be described with reference to the examples illustrated in FIG. 1 and FIGS. 4-5; For example, Tom [“second type of account”], who is an authenticated user within Tenant 1201, is assigned/authorized three roles (e.g., Operator@HR, Admin@Customerservice, Admin@Finance), while Peter [“first type of account”] is only assigned/authorized one role (e.g., Operator@Finance) within Tenant 1201).
Before the effective filing date, it would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by Gailloux and Lunsford with the teachings of Fischer to include  the concept of “the first type of account is subject to more restrictions than the second type of account.” One of ordinary skill in the art would have been motivated to make this modification because with a single login, a user can access the same or different tenants with different roles and different privileges of each role using the same auth token (col. 13, ln. 42-44).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
Blakley, III et al. (US 20040128393 A1), Method and system for consolidated sign-off in a heterogeneous federated environment: para. 0131, the issuing domain's point-of-contact server requests the assertion from the issuing domain's trust proxy  (step 304). After generating the assertion, the issuing domain's trust proxy then returns the assertion to the issuing domain's point-of-contact server (step 308).
Bretan (US 10375177 B1 hereinafter), Identity mapping for federated user authentication: col.18 ln.16-23, the identity mapping service may utilize this identity assertion to determine 504 whether the administrator or owner has been properly authenticated by the identity broke. If the administrator or owner is not properly authenticated and/or is not authorized to add users to the user account, the identity mapping service may deny 506 the request

Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to ANDREW SUH whose telephone number is (571)270-5524. The examiner can normally be reached 9:00 AM- 5:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Carl Colin can be reached on (571) 272-3862. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/A.S./Examiner, Art Unit 2493        
                                                                                                                                                                                                /Catherine Thiaw/Primary Examiner, Art Unit 2493                                                                                                                                                                                                        12/7/2022