DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This Office Action is in response to the RCE filed on 7/20/2020 to application 15/963,895.
In the instant Amendment, claims 24-26 have been added; claims 4, 5 and 10 have been cancelled; and claims 1, 8 and 13 are independent claims.  Claims 1, 3, 6-9, 11-13 and 16-26 have been examined and are pending.  This Action is made Non-FINAL.

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 7/20/2020 has been entered.
	
Information Disclosure Statement
The information disclosure statement (IDS), submitted on 7/20/2020, is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.

Response to Arguments
	A) Applicant's argue Ben Ayed fails to disclose, teach or even suggest "delete the authentication information from the device based on being unable to verify the biometric information; request the user to input login credentials after deleting the authentication information; receive the requested login credentials as input to the device; verify the received login credentials; request the user to input new biometric information associated with the user based on verifying the received login credentials; and receive the new biometric information as input to the device," regarding claim 1. Examiner respectfully disagrees.
	Examiner submits Ben Ayed teaches "delete the authentication information from the device based on being unable to verify the biometric information; request the user to input login credentials after deleting the authentication information; receive the requested login credentials as input to the device; verify the received login credentials; request the user to input new biometric information associated with the user based on verifying the received login credentials; and receive the new biometric information as input to the device." Ben Ayed Paragraph 0309 recites "In a preferred embodiment, if authentication of said user biometric information is not successful, the system for authentication 10/11 can deny access, send a message to a third person, delete all information from said unitary mobile apparatus, lock the system for authentication 10/11, wait for an unlock message, perform fourth-factor authentication. In another preferred embodiment, the device or interface request the user to enter a PIN code or password and authenticates them prior to granting access. It is noted that this 3-factor authentication technology presents several advantages over other 2-factor and 3-factor 




Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically discloses as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention. 
Claims 1, 3, 6-9, 11-13 and 16-26 are rejected under 35 U.S.C. 103 as being unpatentable over Ben Ayed (“Ben Ayed”, US 2012/0019379), published on January 26, 2012, in view of Barnett et al. (“Barnett”, US 2015/0350338), published on December 3, 2015

	Regarding claim 1, Ben Ayed discloses a device, comprising (Ben Ayed: abstract):	one or more memories; and one or more processors, communicatively coupled to (Ben Ayed: par. 34; mobile phone; providing automatic login functionality to applications), to:	determine whether authentication information, associated with the user and stored on the device, is valid (Ben Ayed: par. 175; user enters a PIN/password; if validated …; par. 302; on detection of a wrong PIN code; par. 114; store user data such as password [e.g., PIN], private key; par. 117; store multiple login parameters corresponding to multiple client applications),	attempt to verify biometric information associated with the user based on determining that the authentication information is not valid (Ben Ayed: par. 302; on detection of a wrong PIN code; issues a request to the user to enter biometric information),	wherein the biometric information is provided as input to the device (Ben Ayed: par. 303; captures the user biometric data);		delete the authentication information from the device based on being unable to verify the biometric information; request the user to input login credentials after deleting the authentication information; receive the requested login credentials as input to the device; verify the received login credentials; request the user to input new biometric information associated with the user based on verifying the received login credentials; and receive the new biometric information as input to the device (Ben Ayed Paragraph 0309 recites "In a preferred embodiment, if authentication of said user biometric information is not successful, the system for authentication 10/11 can deny access, send a message to a third person, delete all information from said unitary mobile apparatus, lock the system for authentication 10/11, wait for an unlock message, perform fourth-factor authentication. In another preferred embodiment, the device or interface request the user to enter a PIN code or password and authenticates them prior to granting access. It is noted that this 3-factor authentication technology presents several advantages over other 2-factor and 3-factor authentication technologies. The most important advantage is universality and ability to work in challenging environment and with challenging devices. The BLUETOOTH system for authentication 10/11 can authenticate the user on a mobile phone ( through BLUETOOTH) and provide device security (proximity alarm), automatic login, and intelligent login. The BLUETOOTH system for authentication 10/11 can also authenticate the user to a lock that is not connected to a network (example an office door), and that has a BLUETOOTH transceiver. It can provide 2-factor as well as 3-factor authentication to that un-connected lock. If for some reason the 2-factor authentication fails, the BLUETOOTH system for authentication 10/11 may authenticate the user voice or the user movements, and possibly provide access on successful authentication of biometric factors.").	Ben Ayed does not explicitly disclose store a validity status, for authentication information, in a single sign-on (SSO) data store on the device, based on the validity status in the SSO data store; wherein the validity status is determined based on comparing a time duration of inactivity associated with each of a plurality of applications to a threshold time duration of inactivity, wherein the validity status is determined to be valid when each of the plurality of applications does not satisfy the threshold time duration of inactivity, and wherein the validity status is determined to be invalid when one of the plurality of applications satisfies the threshold time duration of inactivity; (Barnett: par. 31; an activity tracker implemented on a device of the client device to track activities of applications stored or loaded on to the client device; support single logout mechanism; activity tracker can monitor and determine application (in-)activity information on the client devices they are deployed on),	based on the validity status in the SSO data store; wherein the validity status is determined based on comparing a time duration of inactivity associated with each of a plurality of applications to a threshold time duration of inactivity (Barnett: par. 12; multiple applications; par. 23; store an array or map of user activity of applications 125, 135 by device of the client devices 110, 115 during a session. A maximum allowed period of no user-interface activity for the applications 120, 130 executing on the device is compared to a timeout value, and the applications 120, 130 are closed or the user logged out or locked out when the no user-interface activity value exceeds the timeout value),	wherein the validity status is determined to be valid when each of the plurality of applications does not satisfy the threshold time duration of inactivity (Barnett: par. 18; counter value/timestamp can be sent to all applications 125, 135 at the same time; par. 25; or the applications 125, 135 together can be considered a single session to be timed out together), and	wherein the validity status is determined to be invalid when one of the plurality of  (Barnett: par. 36; track activity across all applications 125, 135, and close an application or logout the client device if there is no activity in any of the applications 125, 135 for a determined interval of time);	receive an input from a user to access an application of the plurality of applications on the device (Barnett: par. 17; a time period since a mouse click or a data entered into the application 125, 135, etc. can be monitored. Additional and/or alternative user interactions can be monitored, for example, a user-interface being used to move a window of the application 125, 135 on the display screen can be detected and considered an activity even though the application 125, 135 is otherwise inactive, e.g. showing a report which is unchanged because there is no new data traffic).	Therefore, it would have been obvious to one of ordinary skill in the art at or before the effective filing date of the claimed invention to combine the teachings of Barnett with the device of Ben Ayed to include; timeout based on timeouts of a plurality of applications. One would have been motivated to provide a means for enabling single sign off capability to a plurality of applications (Barnett: par. 12).

	Regarding claim 3, Ben Ayed and Barnett disclose the device of claim 1, Ben Ayed  further discloses wherein the device is configured by a device management platform to use biometric information validation, and the one or more processors, when attempting to verify biometric information associated with the user, are to: attempt to verify the biometric information associated with the user based on determining that the device is configured by the device management platform to use biometric (Ben Ayed: par. 35; at least one onboard biometric sensor means capable of capturing biometric information corresponding to a user).
	
	Regarding claim 6, Ben Ayed and Barnett disclose the device of claim 1, Ben Ayed further discloses wherein the one or more processors are further to:	verify the new biometric information after receiving the new biometric information as input to the device (Ben Ayed: par. 309; authenticate the user voice or the user movements, and possibly provide access on successful authentication of biometric factors);	generate new authentication information associated with the user based on verifying the new biometric information; store the new authentication information in a secure data store on the device (Ben Ayed: par. 181; stores information in encrypted form; par. 331; stores a first code "CODE A" and a first reference voice set corresponding to the user name in his own voice "ADAM"; par. 215; secure and safe location to store);	set a new validity status for the new authentication information to valid; and store the new validity status, for the new authentication information, in the (SSO) data store on the device (Ben Ayed: par. 117; store multiple login parameters corresponding to multiple client applications, and when client application requests login parameters, system for authentication automatically determines login parameters corresponding to the client application [e.g., SSO]).	Barnett further teaches set a new validity status (Barnett: par. 22; client devices can reset the counter [e.g., validity status] e.g. to zero. This is one way that detected inactivity timeouts can be coordinated across [plurality of] applications). 		Therefore, it would have been obvious to one of ordinary skill in the art at or before the effective filing date of the claimed invention to combine the teachings of Barnett with the device of Ben Ayed to include; resets the status. One would have been motivated to provide a means of implementing single lock out capability for a plurality of applications (Barnett: par. 22).

	Regarding claim 7, Ben Ayed and Barnett disclose the device of claim 1, Ben Ayed further discloses wherein the one or more processors are further to:	receive an input from the user to access a second application on the device (Ben Ayed: par. 302; a user request for access to device or interface; par. 117; multiple login parameters corresponding to multiple client applications, and when client application requests login parameters, system for authentication automatically determines login parameters corresponding to the client application);	determine that the validated authentication information is still valid (Ben Ayed: par. 308; if the time period elapsed since a last successful authentication did not exceed a predetermined period of time [e.g., still valid] since the last successful authentication, sending a response wirelessly to said second paired device wherein said response comprises at least one code);	attempt, based on determining that the authentication information is still valid, to verify the biometric information associated with the user; and provide, based on being able to verify the biometric information, the validated authentication information to the  (Ben Ayed: par. 309; if the sample of biometric information is authenticated, access is granted).

	Regarding claim 8, Ben Ayed discloses a method, comprising (Ben Ayed: abstract):	determining, by the device, and based on receiving the input, whether there is valid authentication information, associated with the user, stored in a secure data store on the device (Ben Ayed: par. 101; upon receipt of an event or a message to authenticate the user; par. 215; provides a secure and safe location to store; par. 181; stores information in encrypted form);	if the authentication information is determined to be valid, providing, by the device, the authentication information to the application to grant the user access to the plurality of applications on the device (Ben Ayed: par. 110; system for authentication may request user data such as password, and if the user data is received and authenticated, access is granted to the user); or	if the authentication information is determined to be not valid; providing, by the device, a request for the user to provide biometric information associated with the user as input to the device (Ben Ayed: par. 302; on detection of a wrong PIN code; issues a request to the user to enter biometric information);	attempting, by the device, to verify biometric information, associated with the user, received based on providing the request; deleting, by the device, the authentication information from the device based on being unable to verify the biometric information;  requesting, by the device, the user to input login credentials after deleting (Ben Ayed Paragraph 0309 recites "In a preferred embodiment, if authentication of said user biometric information is not successful, the system for authentication 10/11 can deny access, send a message to a third person, delete all information from said unitary mobile apparatus, lock the system for authentication 10/11, wait for an unlock message, perform fourth-factor authentication. In another preferred embodiment, the device or interface request the user to enter a PIN code or password and authenticates them prior to granting access. It is noted that this 3-factor authentication technology presents several advantages over other 2-factor and 3-factor authentication technologies. The most important advantage is universality and ability to work in challenging environment and with challenging devices. The BLUETOOTH system for authentication 10/11 can authenticate the user on a mobile phone ( through BLUETOOTH) and provide device security (proximity alarm), automatic login, and intelligent login. The BLUETOOTH system for authentication 10/11 can also authenticate the user to a lock that is not connected to a network (example an office door), and that has a BLUETOOTH transceiver. It can provide 2-factor as well as 3-factor authentication to that un-connected lock. If for some reason the 2-factor authentication fails, the BLUETOOTH system for authentication 10/11 may authenticate the user voice or the user movements, and possibly provide access on successful authentication of biometric factors.").

	Ben Ayed does not explicitly disclose storing, by a device, a validity status, for authentication information, in a single sign-on (SSO) data store on the device, based on the validity status in the SSO data store ; wherein the validity status is determined based on comparing a time duration of inactivity associated with each of a plurality of applications to a threshold time duration of inactivity, wherein the validity status is determined to be valid when each of the plurality of applications does not satisfy the threshold time duration of inactivity, and wherein the validity status is determined to be invalid when one of the plurality of applications satisfies the threshold time duration of inactivity: receiving, by the device, an input from a user to access an application of the plurality of applications on the device.	However, in an analogous art directed to single logout of / lock out of multiple applications, Barnett teaches storing, by a device, a validity status, for authentication information, in a single sign-on (SSO) data store on the device (Barnett: par. 31; an activity tracker implemented on a device of the client device to track activities of applications stored or loaded on to the client device; support single logout mechanism; activity tracker can monitor and determine application (in-) activity information on the client devices they are deployed on),	based on the validity status in the SSO data store ; wherein the validity status is determined based on comparing a time duration of inactivity associated with each of a plurality of applications to a threshold time duration of inactivity (Barnett: par. 12; multiple applications; par. 23; store an array or map of user activity of applications 125, 135 by device of the client devices 110, 115 during a session. A maximum allowed period of no user-interface activity for the applications 120, 130 executing on the device is compared to a timeout value, and the applications 120, 130 are closed or the user logged out or locked out when the no user-interface activity value exceeds the timeout value),	wherein the validity status is determined to be valid when each of the plurality of applications does not satisfy the threshold time duration of inactivity (Barnett: par. 18; counter value/timestamp can be sent to all applications 125, 135 at the same time; par. 25; or the applications 125, 135 together can be considered a single session to be timed out together), and	wherein the validity status is determined to be invalid when one of the plurality of applications satisfies the threshold time duration of inactivity (Barnett: par. 36; track activity across all applications 125, 135, and close an application or logout the client device if there is no activity in any of the applications 125, 135 for a determined interval of time):	receiving, by the device, an input from a user to access an application of the plurality of applications on the device (Barnett: par. 17; a time period since a mouse click or a data entered into the application 125, 135, etc. can be monitored. Additional and/or alternative user interactions can be monitored, for example, a user-interface being used to move a window of the application 125, 135 on the display screen can be detected and considered an activity even though the application 125, 135 is otherwise inactive, e.g. showing a report which is unchanged because there is no new data traffic).	Therefore, it would have been obvious to one of ordinary skill in the art at or (Barnett: par. 12).
	
	Regarding claim 9, Ben Ayed and Barnett disclose the  method of claim 8, Ben Ayed further discloses wherein determining whether there is valid authentication information, associated with the user, stored in the secure data store on the device comprises: determining, based on metadata stored in the (SS) data store, whether there is valid authentication information, associated with the user, stored in the secure data store (Ben Ayed: par. 114; store user data such as … personal info, biometric info, operation hours, operation days, buzzer type, buzzer volume, buzzer duration, and alarm type [e.g., meta data]; par. 117; store multiple login parameters corresponding to multiple client applications, and when client application requests login parameters, system for authentication automatically determines login parameters corresponding to the client application; par. 181; stores information in encrypted form; par. 215; secure and safe location to store).

	Regarding claim 11, Ben Ayed and Barnett disclose the method of claim 8, Ben Ayed further discloses further comprising:	verifying the new biometric information after receiving the new biometric information as input to the device (Ben Ayed: par. 309; authenticate the user voice or the user movements, and possibly provide access on successful authentication of biometric factors);	generating new authentication information associated with the user based on verifying the new biometric information; and storing the new authentication information in the secure data store on the device (Ben Ayed: par. 331; stores a first code and a first reference voice set corresponding to the user name in his voice; par. 181; stores information in encrypted form).
	
	Regarding claim 12, Ben Ayed and Barnett disclose the method of claim 11, further comprising:	setting a validity status for the new authentication information to valid in the (SSO) data store on the device (Ben Ayed: par. 256; if the period since last PIN code exceeded a time threshold, [e.g., validity status changed] the user is asked to enter a PIN code).	Barnett further teaches set a new validity status (Barnett: par. 22; client devices can reset the counter [e.g., validity status] e.g. to zero. This is one way that detected inactivity timeouts can be coordinated across [plurality of] applications). 		Therefore, it would have been obvious to one of ordinary skill in the art at or before the effective filing date of the claimed invention to combine the teachings of Barnett with the method of Ben Ayed to include; resets the status. One would have been motivated to provide a means of implementing single lock out capability for a plurality of applications (Barnett: par. 22).

Regarding claim 13, Ben Ayed discloses a non-transitory computer-readable medium storing instructions, the instructions comprising: one or more instructions that, when executed by one or more processors of a device, cause the one or more processors to (Ben Ayed: par. 34; mobile phones and for providing automatic login functionality to applications; par. 364; a program that will run on the employee's computer or device):	identify, based on receiving the input, the validity status (Ben Ayed: par. 302; on detection of a wrong PIN code; par. 114; store user data such as password [e.g., PIN], private key; par. 215; secure and safe location to store);	attempt to verify biometric information associated with the user based on the validity status being identified as not valid, wherein the biometric information is provided as input to the device (Ben Ayed: par. 302; on detection of a wrong PIN code; issues a request to the user to enter biometric information; par. 303; captures the user biometric data; par. 308; authenticates the captured biometric information using at a reference data set); and
	delete the authentication information from the device based on being unable to verify the biometric information; request the user to input login credentials after deleting the authentication information; receive the requested login credentials as input to the device; verify the received login credentials; request the user to input new biometric information associated with the user based on verifying the received login credentials; and receive the new biometric information as input to the device (Ben Ayed Paragraph 0309 recites "In a preferred embodiment, if authentication of said user biometric information is not successful, the system for authentication 10/11 can deny access, send a message to a third person, delete all information from said unitary mobile apparatus, lock the system for authentication 10/11, wait for an unlock message, perform fourth-factor authentication. In another preferred embodiment, the device or interface request the user to enter a PIN code or password and authenticates them prior to granting access. It is noted that this 3-factor authentication technology presents several advantages over other 2-factor and 3-factor authentication technologies. The most important advantage is universality and ability to work in challenging environment and with challenging devices. The BLUETOOTH system for authentication 10/11 can authenticate the user on a mobile phone ( through BLUETOOTH) and provide device security (proximity alarm), automatic login, and intelligent login. The BLUETOOTH system for authentication 10/11 can also authenticate the user to a lock that is not connected to a network (example an office door), and that has a BLUETOOTH transceiver. It can provide 2-factor as well as 3-factor authentication to that un-connected lock. If for some reason the 2-factor authentication fails, the BLUETOOTH system for authentication 10/11 may authenticate the user voice or the user movements, and possibly provide access on successful authentication of biometric factors.").
	Ben Ayed does not explicitly disclose store a validity status, for authentication information, in a single sign-on (SSO) data store on the device; receive an input from a user to access an application of a plurality of applications on the device; wherein the validity status is based on comparing a time duration of inactivity associated with each of the plurality of applications to a threshold time duration of inactivity, and wherein the validity status is determined to be valid when each of the plurality of applications does (Barnett: par. 31; an activity tracker implemented on a device of the client device to track activities of applications stored or loaded on to the client device; support single logout mechanism; activity tracker can monitor and determine application (in-)activity information on the client devices they are deployed on);	receive an input from a user to access an application of a plurality of applications on the device (Barnett: par. 12; multiple applications; par. 17; a time period since a mouse click or a data entered into the application 125, 135, etc. can be monitored. Additional and/or alternative user interactions can be monitored, for example, a user-interface being used to move a window of the application 125, 135 on the display screen can be detected and considered an activity even though the application 125, 135 is otherwise inactive, e.g. showing a report which is unchanged because there is no new data traffic);	wherein the validity status is based on comparing a time duration of inactivity associated with each of the plurality of applications to a threshold time duration of inactivity (Barnett: par. 36; track activity across all applications 125, 135, and close an application or logout the client device if there is no activity in any of the applications 125, 135 for a determined interval of time), and	wherein the validity status is determined to be valid when each of the plurality of (Barnett: par. 18; counter value/timestamp can be sent to all applications 125, 135 at the same time; par. 25; or the applications 125, 135 together can be considered a single session to be timed out together), and	wherein the validity status is determined to be invalid when one of the plurality of applications satisfies the threshold time duration of inactivity (Barnett: par. 36; track activity across all applications 125, 135, and close an application or logout the client device if there is no activity in any of the applications 125, 135 for a determined interval of time) .		Therefore, it would have been obvious to one of ordinary skill in the art at or before the effective filing date of the claimed invention to combine the teachings of Barnett with the medium of Ben Ayed to include; store a validity status, for authentication information, in a single sign-on (SSO) data store on the device; receive an input from a user to access an application of a plurality of applications on the device; wherein the validity status is based on comparing a time duration of inactivity associated with each of the plurality of applications to a threshold time duration of inactivity, and wherein the validity status is determined to be valid when each of the plurality of applications does not satisfy the threshold time duration of inactivity, and wherein the validity status is determined to be invalid when one of the plurality of applications satisfies the threshold time duration of inactivity. One would have been motivated to provide a means for enabling single sign off capability to a plurality of applications (Barnett: par. 12).
Regarding claim 16, Ben Ayed and Barnett disclose the non-transitory computer-readable medium of claim 13, Barnett further teaches wherein:	each of the plurality of applications is associated with respective time durations of inactivity; and the validity status of the authentication information is further based on the respective time durations of inactivity of the plurality of applications (Barnett: par. 31; an activity tracker to track activities of applications stored or loaded on to the client device;  activity tracker can monitor and determine application (in-)activity information on the client devices they are deployed on. If the threshold of no user-interface activity is reached a message is sent to the activity manager, which can makes decisions based on information received from the activity trackers, e.g., including closing, logging out or locking out applications; par. 23; no user-interface activity value can vary depending on the application. For example, an application that can contain sensitive customer data can be configured to time out faster than applications that contain no customer sensitive data).		Therefore, it would have been obvious to one of ordinary skill in the art at or before the effective filing date of the claimed invention to combine the teachings of Barnett with the medium of Ben Ayed to include; each of the plurality of applications is associated with respective time durations of inactivity; and the validity status of the authentication information is further based on the respective time durations of inactivity of the plurality of applications. One would have been motivated to provide a means for enabling single sign off capability to individual applications among a plurality of applications (Barnett: par. 23).
Regarding claim 17, Ben Ayed and Barnett disclose the non-transitory computer-readable medium of claim 16, Ben Ayed further discloses wherein the one or more instructions, when executed by the one or more processors, further cause the one or more processors to:	set the validity status of the authentication information associated with the user by comparing the respective time durations of inactivity of the plurality of applications and a respective threshold time durations of inactivity, and setting the validity status of the authentication information associated with the user based on a result comparing the respective time durations of inactivity of the plurality of applications (Ben Ayed: par. 108; device goes to sleep every 1 to 5 minutes of inactivity and user has to login again; par. 256; if the period since last PIN code exceeded a time threshold, or if a signal drop was recently detected, the user is asked to enter a PIN code).

	Regarding claim 18, Ben Ayed and Barnett disclose the non-transitory computer-readable medium of claim 17, Ben Ayed further discloses wherein the one or more instructions, that cause the one or more processors to set the validity status of the authentication information based on the result of comparing the respective time durations of inactivity of the plurality of applications, cause the one or more processors to:	set the validity status of the authentication information to not valid based on all of the respective time durations of inactivity of the plurality of applications satisfying the respective threshold time durations of inactivity (Ben Ayed: par. 257; provide access to enterprise applications over mobile devices have to disconnect a user [e.g., validity status change] after 30 seconds, 1 or 2 minute of inactivity [e.g., inactivity associated with applications]).	Barnett further teaches set the validity status of the authentication information to valid based on any of the respective time durations of inactivity of the plurality of applications not satisfying the respective threshold time durations of inactivity (Barnett: par. 18; counter value/timestamp can be sent to all applications at the same time; par. 25; or the applications together can be considered a single session to be timed out together).		Therefore, it would have been obvious to one of ordinary skill in the art at or before the effective filing date of the claimed invention to combine the teachings of Barnett with the medium of Ben Ayed to include; set the validity status of the authentication information to valid based on any of the respective time durations of inactivity of the plurality of applications not satisfying the respective threshold time durations of inactivity. One would have been motivated to provide a means for enabling single sign off capability to individual applications among a plurality of applications when all applications are inactive (Barnett: par. 25).

	Regarding claim 19, Ben Ayed and Barnett disclose the non-transitory computer-readable medium of claim 13, Ben Ayed further discloses wherein: the validity status of the authentication information associated with the user is stored as metadata in the SSO data store on the device (Ben Ayed: par. 114; store user data such as … personal info, biometric info, operation hours, operation days, buzzer type, buzzer volume, buzzer duration, and alarm type [e.g., meta data]; par. 117; store multiple login parameters corresponding to multiple client applications); and	the metadata in the SSO data store further includes at least one of information identifying a time the authentication information associated with the user was generated or information identifying a time the authentication information associated with the user was last accessed (Ben Ayed: par. 114; store user data such as … operation hours, operation days, buzzer duration [e.g., meta timing data]).

	Regarding claim 20, Ben Ayed and Barnett disclose the non-transitory computer-readable medium of claim 13, Barnett further teaches wherein the one or more instructions, when executed by the one or more processors, further cause the one or more processors to: set the validity status of the authentication information to not valid based on determining that the user logged out of one or more applications of the plurality of applications  (Barnett: par. 30; log out of the applications 125, 135 without [the user] having to log out of each application 125, 135 separately, the communication network 100 includes an activity manager; sessions can be independent of each other and for single log out are terminated in what appears to be a single operation to the user).	Therefore, it would have been obvious to one of ordinary skill in the art at or before the effective filing date of the claimed invention to combine the teachings of Barnett with the medium of Ben Ayed to include; set the validity status of the authentication information to not valid based on determining that the user logged out of one or more applications. One would have been motivated to provide a means for enabling single sign off capability to individual applications (Barnett: par. 30).
Regarding claim 21, Ben Ayed and Barnett disclose the device of claim 1, Ben Ayed further discloses wherein the one or more processors, when attempting to verify the biometric information associated with the user, are to:	compare the biometric information associated with the user and reference biometric information associated with the user (Ben Ayed: par 100; reading new user biometric information, the system for authentication compares the new user biometric information with the stored user biometric identification signature); and	determine that verification of the biometric information associated with the user is successful based on a match of the biometric information associated with the user and the reference biometric information associated with the user (Ben Ayed: par 100; calculating correlation factors and comparing them to acceptable thresholds and authenticates the user is who he is (or not)).

	Regarding claim 22, Ben Ayed and Barnett disclose the non-transitory computer-readable medium of claim 13, Ben Ayed further discloses wherein the one or more instructions, that cause the one or more processors to attempt to verify the biometric information associated with the user, cause the one or more processors to: compare the biometric information associated with the user and reference biometric information associated with the user (Ben Ayed: par 100; reading new user biometric information, the system for authentication compares the new user biometric information with the stored user biometric identification signature using an onboard processor for calculating correlation factors and comparing them to acceptable thresholds and authenticates the user is who he is (or not)).
Regarding claim 23, Ben Ayed and Barnett disclose the non-transitory computer-readable medium of claim 22, Ben Ayed further discloses wherein the one or more instructions, when executed by the one or more processors, further cause the one or more processors to: determine that verification of the biometric information associated with the user is successful based on a match of the biometric information associated with the user and the reference biometric information associated with the user (Ben Ayed: par 100; reading new user biometric information, the system for authentication compares the new user biometric information with the stored user biometric identification signature using an onboard processor for calculating correlation factors and comparing them to acceptable thresholds and authenticates the user is who he is (or not)).

	Regarding claim 24, Ben Ayed and Barnett disclose the device of claim 1, wherein the biometric information includes one or more of: a fingerprint, a hand geometry, a retina or iris pattern, a voice signature, or a facial pattern (Ben Ayed, Paragraph 0313 recites “In step 162, the user enters biometrics information such as a voice message, a hand movement in 2D space, a hand movement in 3D space, a fingerprint, a hand scan, an iris scan, a facial scan, etc.”).

	Regarding claim 25, Ben Ayed and Barnett disclose thedevice of claim 1, wherein the login credentials include one or more of: a username and password, or a passcode (Ben Ayed: par. 175; user enters a PIN/password; if validated …; par. 302; on detection of a wrong PIN code; par. 114; store user data such as password [e.g., PIN], private key; par. 117; store multiple login parameters corresponding to multiple client applications).

	Regarding claim 26, Ben Ayed and Barnett disclose themethod of claim 8, wherein requesting the user to input the login credentials comprises: requesting the user to input one or more of: a username and password, or a passcode (Ben Ayed: par. 175; user enters a PIN/password; if validated …; par. 302; on detection of a wrong PIN code; par. 114; store user data such as password [e.g., PIN], private key; par. 117; store multiple login parameters corresponding to multiple client applications),
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to RODERICK TOLENTINO whose telephone number is (571)272-2661.  The examiner can normally be reached on Mon- Fri 8am-4pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.  
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached on 571-270-5002.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.


/RODERICK TOLENTINO/           Primary Examiner, Art Unit 2439