Detailed Action
The present application is being examined under the pre-AIA  first to invent
provisions.

In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

Amendment filed on 01/05/2021 has been acknowledged. Claims 1-20 are currently pending and have been considered below. Claim 1, 9 and 16 are independent claim. Claims 1-20 have been amended.

Terminal Disclaimer filed on 11/15/2019 has been reviewed and approved.

Priority
This application is a CON of application 13/777,987 (US Patent No 9,985,991) filed on 02/26/2013.

Remarks and Response
Applicant’s arguments filed in the amendments on 01/05/2021 have been fully considered but they are not persuasive. The reasons set forth below.

Response to Arguments
On pages 9 of the remarks, applicant argued that Wu’s user password is provided by the user and sent to Website A but this is not the same as the password being sent from website A to website B as asserted by the office action. 
Examiner respectfully disagrees. The claim doesn’t discuss any characteristic of the password other than just saying that the password is concealed password and remains hidden from user. Thus Examiner interpreted that password could be anything and mapped with signature that is generated by website A. Wu, ¶[0042]-¶[0043], user ID mapping data defines mapping relationship between user ID information associated with website A and user ID information associated with website B. The user ID mapping data enables website A to obtain the user ID information associated with website B from the same user’s ID information associated with website A. Here logging password to website B remains hidden from user. User doesn’t know what password website A is providing to website B. Website A has ID signature generator for generating a signature attached to the user ID information associated with 

On pages 9 of the remarks, applicant argued that Wu discusses sending the user ID and digital signature from website A to website B. A digital signature includes an encrypted hash of the user ID and the encrypted hash sent between website A and website B does not teach security information comprising concealed password that remains hidden from the user. 
Examiner respectfully disagrees. The claim doesn’t say that password cannot be any sort of signature. The claim does not discuss the nature of the security information other than just saying that security information comprises a concealed password and remains hidden to the user. Wu, ¶[0045],  teaches generating a signature by website A for the user and sending the signature to website B. Website B verifies by decrypting the signature attached to the user ID information received from website A. Signature decryption is used for verifying the authenticity and integrity of the user ID received from website B. A user may be allowed to access a requested resource on website B if the user’s ID has been verified. Here the password that is needed to access website B is hidden to the user. User doesn’t know what password is added by website A to request access for the user to website B.

For the entire above reasons examiner maintains the rejection.

Claim Rejections - 35 USC § 103
The following is a quotation of pre-AIA  35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action:
(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains.  Patentability shall not be negatived by the manner in which the invention was made.



Claim 1-20 are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over He (US Patent Application Publication No. 2008/0034417 A1) in view of Wu (US Patent Application Publication No. 2007/0240206 A1).

Regarding Claim 1, He discloses a method comprising: 
receiving, within an operating system network stack of a client device, a hypertext transfer protocol (HTTP) message issued by a client application executing on the client device, wherein the HTTP message is being transmitted to a destination system (He, ¶[0106], intercepting at the network layer, by the client agent executing on the client, an HTTP request from an application executing on the client, modifying the HTTP request and transmitting, vi a transport layer connection, the modified HTTP request to a network appliance); 
requesting, by the client device, security information for the organization with respect to the destination system (He, ¶[0109], after intercepting at the network layer, the client agent may modify the HTTP 
modifying, by the client device, the received HTTP message to include the security information comprising the concealed password (He, ¶[0109], after intercepting at the network layer, the client agent may modify the HTTP request. ¶[0110], the client agent may modify the HTTP request by adding, removing or modifying a cookie contained within the HTTP request. ¶[0111], the client agent may add an HTTP cookie comprising authentication credentials to be transmitted to VPN. ¶[0116], the client agent may insert or remove security credentials on behalf of the client in order to provide secure access to resources). 
sending, by the client device, the modified HTTP message to the destination system (He, ¶[0120], after modifying the HTTP request the client agent may transmit, via a transport layer connection, the modified HTTP request to a network appliance). 
He does not appear to explicitly disclose the following limitations that Wu discloses:
identifying, by the client device, a user of the client application (Wu, ¶[0039], user C tries to conduct through user browser an internet 
determining the user is an authorized user of an organization (Wu, ¶[0040], Website A has its own user group which is defined by user library stored in data storage. Website B also has its own user group, which is defined by user library stored in data storage. ¶[0041], the user is allowed to access a requested resource on Website A if the user’s ID has been verified);
the security information being from a data store and comprising a concealed password that is associated with the organization and remains hidden from the user (Wu, ¶[0042], the user ID mapping data defines mapping relationships between user ID information associated with Website A and user ID information associated with Website B. ¶[0043], Website A further has ID signature generator for generating a signature attached to the user ID information associated with Website B. ¶[0044], Website B includes signature verification for decrypting the signature attached to the user ID information received from Website A. ¶[0045], signature decryption is used for verifying the authenticity and integrity of the user ID received from Website A. Thus logging password to Website B is hidden/concealed to user. ¶[0049]-¶[0051], Website B receives logon request from Website A and decrypts the ID signature and verifies the validity, such as authenticity and integrity of the signature);


Regarding claim 2, combination of He in view of Wu teaches the method of claim 1, further comprising: 
receiving a second HTTP message (He, ¶[0106], intercepting at the network layer, by the client agent executing on the client, an HTTP request from an application executing on the client, modifying the HTTP request and transmitting, vi a transport layer connection, the modified HTTP request to a network appliance);
determining whether the second HTTP message contains an HTTP basic credential (He, ¶[0135], the client agent may add, remove or modify other name-value pairs in the received HTTP header. A client agent may insert a name-value pair in the HTTP request identifying a plurality of versions of the requested resources which are currently cached on the client. ¶[0136], the client agent may store the received cookie using any storage method. The client agent may use any 
determining whether a second user can be identified in the data store upon determining that the second HTTP message contains the HTTP basic credential (He, ¶[0135], the client agent may add, remove or modify other name-value pairs in the received HTTP header. A client agent may insert a name-value pair in the HTTP request identifying a plurality of versions of the requested resources which are currently cached on the client. Also Wu, ¶[0040], Website A has its own user group which is defined by user library stored in data storage. Website B also has its own user group, which is defined by user library stored in data storage. ¶[0041], the user is allowed to access a requested resource on Website A if the user’s ID has been verified); 
upon determining that the second user can be identified in the data store, identifying the second user in the data store in view of the HTTP basic credential (He, ¶[0135], the client agent may add, remove or modify other name-value pairs in the received HTTP header. A client agent may insert a name-value pair in the HTTP request identifying a plurality of versions of the requested resources which are currently cached on the client. Wu, ¶[0040], Website A has its own user group which is defined by user library stored in data storage. Website B also 
obtaining security information from the data store (Wu, ¶[0042], the user ID mapping data defines mapping relationships between user ID information associated with Website A and user ID information associated with Website B. ¶[0043], Website A further has ID signature generator for generating a signature attached to the user ID information associated with Website B. ¶[0044], Website B includes signature verification for decrypting the signature attached to the user ID information received from Website A. ¶[0045], signature decryption is used for verifying the authenticity and integrity of the user ID received from Website A. Thus logging password to Website B is hidden/concealed to user. ¶[0049]-¶[0051], Website B receives logon request from Website A and decrypts the ID signature and verifies the validity, such as authenticity and integrity of the signature); and

Regarding claim 3, combination of He in view of Wu teaches the method of claim 2 further comprising, sending an unmodified version of the second HTTP message to the destination system upon determining that the second HTTP message does not contain the HTTP basic credential (He, ¶[0135], the client agent may add, remove or modify other name-value pairs in the received HTTP header. A client agent may insert 

Regarding claim 4, combination of He in view of Wu teaches the method of claim 2 further comprising, sending an unmodified version of the second HTTP message to the destination system upon determining that the second user is not allowed to perform the requested operation (He, ¶[0135], the client agent may add, remove or modify other name-value pairs in the received HTTP header. A client agent may insert a name-value pair in the HTTP request identifying a plurality of versions of the requested resources which are currently cached on the client. ¶[0136], the client agent may store the received cookie using any storage method. The client agent may use any methods of sorting or indexing the stored cookie, including without limitation indexing by user, session, application, and appliance. ¶[0137], after storing the received cookie, the client agent may then transmit the modified HTTP communication to an application executing on the client).

Regarding claim 5, combination of He in view of Wu teaches the method of claim 2 further comprising, sending an unmodified version of the second HTTP message to the destination system upon determining that the second user is not allowed to perform the requested operation (He, ¶[0135], the client agent may add, remove or modify other name-value pairs in the received HTTP header. A client agent may insert a name-value pair in the HTTP request identifying a plurality of versions of the requested resources which are currently cached on the client. ¶[0136], the client agent may store the received cookie using any storage method. The client agent may use any methods of sorting or indexing the stored cookie, including without limitation indexing by user, session, application, and appliance. ¶[0137], after storing the received cookie, the client agent may then transmit the modified HTTP communication to an application executing on the client).

Regarding claim 6, combination of He in view of Wu teaches the method of claim 1, wherein the modified HTTP request message comprises the HTTP message with a portion of the security information appended (He, ¶[0135], the client agent may add, remove or modify other name-value pairs in the received HTTP header. A client agent may insert a name-value pair in the HTTP request identifying a plurality of versions of the requested resources which are currently cached on the client. ¶[0136], the client agent may store the received cookie using any storage method. The client agent may use any methods of sorting or 

Regarding claim 7, combination of He in view of Wu teaches the method of claim 1 further comprising recording the HTTP message from the client application to a user log (He, ¶[0135], the client agent may add, remove or modify other name-value pairs in the received HTTP header. A client agent may insert a name-value pair in the HTTP request identifying a plurality of versions of the requested resources which are currently cached on the client. ¶[0136], 

Regarding claim 8, He in view of Wu discloses the method of claim 1, wherein  the concealed password is an access password for the organization and is shared by a plurality of users of the organization (Wu, ¶[0042], the user ID mapping data defines mapping relationships between user ID information associated with Website A and user ID information associated with Website B. ¶[0043], Website A further has ID signature generator for generating a signature attached to the user ID information associated with Website B. ¶[0044], Website B includes signature verification for decrypting the signature attached to the user ID information received from Website A. ¶[0045], signature decryption is used for verifying the authenticity and integrity of the user ID received from Website A. Thus logging password to Website B is hidden/concealed to user. ¶[0049]-¶[0051], Website B receives logon request from Website A and decrypts the ID signature and verifies the validity, such as authenticity and integrity of the signature).

Regarding claim 9, He teaches a system comprising: 

a processing device of a client device, the processing device operatively coupled to the memory, the processing device to: 
receive a hypertext transfer protocol (HTTP) message within an operating system network stack of the client device, wherein the HTTP message is issued by a client application executing on the client device and is being transmitted to a destination system (He, ¶[0106], intercepting at the network layer, by the client agent executing on the client, an HTTP request from an application executing on the client, modifying the HTTP request and transmitting, vi a transport layer connection, the modified HTTP request to a network appliance); 
request security information for the user with respect to the destination system (He, ¶[0109], after intercepting at the network layer, the client agent may modify the HTTP request. ¶[0110], the client agent may modify the HTTP request by adding, removing or modifying a cookie contained within the HTTP request. ¶[0111], the client agent may add an HTTP cookie comprising authentication credentials to be transmitted to VPN. ¶[0116], the client agent may insert or remove security credentials on behalf of the client in order to provide secure access to resources); 
modify the received HTTP message to include the security information comprising the concealed password (He, ¶[0109], after intercepting at the network layer, the client agent may modify the HTTP request. ¶[0110], the client agent may modify the HTTP request by adding, removing or modifying a cookie contained within the HTTP request. ¶[0111], the client agent may add an HTTP 
send the modified HTTP message to the destination system (He, ¶[0120], after modifying the HTTP request the client agent may transmit, via a transport layer connection, the modified HTTP request to a network appliance).
He does not appear to explicitly disclose the following limitations that Wu discloses:
identify, by the client device, a user of the client application Wu, ¶[0039], user C tries to conduct through user browser an internet transaction involving two partner systems, which are presented by Website A and Website B. ingle sign on is accomplished between Website A and Website B
determine the user is an authorized user of an organization (Wu, ¶[0040], Website A has its own user group which is defined by user library stored in data storage. Website B also has its own user group, which is defined by user library stored in data storage. ¶[0041], the user is allowed to access a requested resource on Website A if the user’s ID has been verified);
the security information being from a data store and comprising a concealed password that is associated with an organization and remains hidden from the user (Wu, ¶[0042], the user ID mapping data defines mapping relationships between user ID information associated with Website A and user ID information associated with Website B. ¶[0043], Website A further has ID signature generator for generating a signature 
He in view of Wu is analogous art because they are from the “same field of endeavor” and are from the same “problem solving area”. Namely, they pertain to the field of “HTTP authentication”. It would have been obvious to a person of ordinary skill in the art at the time the invention was made to modify the invention of He with the teaching in Wu to include the idea of authenticating the user using security information. Once the user is authenticated using security information, the resource server is informed of the authentication, and access to the resource is granted securely.

Regarding claim 10, combination of He in view of Wu teaches the system of claim 9, wherein the processing device is further to: 
receive a second HTTP message (He, ¶[0106], intercepting at the network layer, by the client agent executing on the client, an HTTP request from an application executing on the client, modifying the HTTP request and 
determine whether the second HTTP message contains an HTTP basic credential (He, ¶[0135], the client agent may add, remove or modify other name-value pairs in the received HTTP header. A client agent may insert a name-value pair in the HTTP request identifying a plurality of versions of the requested resources which are currently cached on the client. ¶[0136], the client agent may store the received cookie using any storage method. The client agent may use any methods of sorting or indexing the stored cookie, including without limitation indexing by user, session, application, and appliance. ¶[0137], after storing the received cookie, the client agent may then transmit the modified HTTP communication to an application executing on the client); 
determine whether the second user can be identified in the data store upon determining that the second HTTP message contains the HTTP basic credential (He, ¶[0135], the client agent may add, remove or modify other name-value pairs in the received HTTP header. A client agent may insert a name-value pair in the HTTP request identifying a plurality of versions of the requested resources which are currently cached on the client. ¶[0136], the client agent may store the received cookie using any storage method. The client agent may use any methods of sorting or indexing the stored cookie, including without limitation indexing by user, session, application, and appliance. ¶[0137], after storing the received cookie, the client agent may then transmit the modified HTTP communication to an application executing on the client. Also 
upon determining that the second user can be identified in the data store, identify the second user in the data store in view of the HTTP basic credential (He, ¶[0135], the client agent may add, remove or modify other name-value pairs in the received HTTP header. A client agent may insert a name-value pair in the HTTP request identifying a plurality of versions of the requested resources which are currently cached on the client. Wu, ¶[0040], Website A has its own user group which is defined by user library stored in data storage. Website B also has its own user group, which is defined by user library stored in data storage. ¶[0041], the user is allowed to access a requested resource on Website A if the user’s ID has been verified); 
and obtaining the security information from the data store (Wu, ¶[0042], the user ID mapping data defines mapping relationships between user ID information associated with Website A and user ID information associated with Website B. ¶[0043], Website A further has ID signature generator for generating a signature attached to the user ID information associated with Website B. ¶[0044], Website B includes signature verification for decrypting the signature attached to the user ID information received from Website A. ¶[0045], signature decryption is used for verifying the authenticity and integrity of the user ID received from Website A. Thus logging password to Website B is 

Regarding claim 11, combination of He in view of Wu teaches the system of claim 10, wherein the processing device is further to, send an unmodified HTTP message to the destination system, upon determining that a second HTTP request message is absent the HTTP basic credential (He, ¶[0135], the client agent may add, remove or modify other name-value pairs in the received HTTP header. A client agent may insert a name-value pair in the HTTP request identifying a plurality of versions of the requested resources which are currently cached on the client. ¶[0136], the client agent may store the received cookie using any storage method. The client agent may use any methods of sorting or indexing the stored cookie, including without limitation indexing by user, session, application, and appliance. ¶[0137], after storing the received cookie, the client agent may then transmit the modified HTTP communication to an application executing on the client).

Regarding claim 12, combination of He in view of Wu teaches the system of claim 10, wherein the processing device is further to, send an unmodified HTTP message to the destination system upon determining that the user cannot be identified in the data store (He, ¶[0135], the client agent may add, remove or modify other name-value pairs in the received HTTP header. A client agent may 

Regarding claim 13, combination of He in view of Wu teaches the system of claim 10, wherein the processing device is further to, send an unmodified HTTP message to the destination system upon determining that the user is not allowed to perform a requested operation (He, ¶[0135], the client agent may add, remove or modify other name-value pairs in the received HTTP header. A client agent may insert a name-value pair in the HTTP request identifying a plurality of versions of the requested resources which are currently cached on the client. ¶[0136], the client agent may store the received cookie using any storage method. The client agent may use any methods of sorting or indexing the stored cookie, including without limitation indexing by user, session, application, and appliance. ¶[0137], after storing the received cookie, the client agent may then transmit the modified HTTP communication to an application 

Regarding claim 14, combination of He in view of Wu teaches the system of claim 9, wherein the modified HTTP message comprises the HTTP message with a portion of the security information appended (He, ¶[0135], the client agent may add, remove or modify other name-value pairs in the received HTTP header. A client agent may insert a name-value pair in the HTTP request identifying a plurality of versions of the requested resources which are currently cached on the client. ¶[0136], the client agent may store the received cookie using any storage method. The client agent may use any methods of sorting or indexing the stored cookie, including without limitation indexing by user, session, application, and appliance. ¶[0137], after storing the received cookie, the client agent may then transmit the modified HTTP communication to an application executing on the client).

Regarding claim 15, Combination of He in view of Wu discloses the system of claim 9, wherein the concealed password is an access password for the organization and is shared by a plurality of users of the organization (Wu, ¶[0042], the user ID mapping data defines mapping relationships between user ID information associated with Website A and user ID information associated with Website B. ¶[0043], Website A further has ID signature generator for generating a signature attached to the user ID information associated with 

Regarding claim 16, He teaches a non-transitory computer-readable storage medium including instructions that cause a processing device of a client device to: 
receive, within an operating system network stack of the client device, a hypertext transfer protocol (HTTP) message issued by a client application executing on the client device, wherein the HTTP request message is being transmitted to a destination system (He, ¶[0106], intercepting at the network layer, by the client agent executing on the client, an HTTP request from an application executing on the client, modifying the HTTP request and transmitting, vi a transport layer connection, the modified HTTP request to a network appliance); 
request, by the client device, security information for the organization with respect to the destination system (He, ¶[0109], after intercepting at the network layer, the client agent may modify the HTTP request. ¶[0110], the client agent may modify the HTTP request by adding, removing or modifying a cookie 
modify, by the client device, the received HTTP message to include the security information (He, ¶[0109], after intercepting at the network layer, the client agent may modify the HTTP request. ¶[0110], the client agent may modify the HTTP request by adding, removing or modifying a cookie contained within the HTTP request. ¶[0111], the client agent may add an HTTP cookie comprising authentication credentials to be transmitted to VPN. ¶[0116], the client agent may insert or remove security credentials on behalf of the client in order to provide secure access to resources); and 
send, by the client device, the modified HTTP message to the destination system (He, ¶[0120], after modifying the HTTP request the client agent may transmit, via a transport layer connection, the modified HTTP request to a network appliance).
He does not appear to explicitly disclose the following limitations that Wu discloses:
identify a user of the client application (Wu, ¶[0039], user C tries to conduct through user browser an internet transaction involving two partner systems, which are presented by Website A and Website B. ingle sign on is accomplished between Website A and Website B);

the security information being from a data store and comprising a concealed password that is associated with the organization and remains hidden from the user (Wu, ¶[0042], the user ID mapping data defines mapping relationships between user ID information associated with Website A and user ID information associated with Website B. ¶[0043], Website A further has ID signature generator for generating a signature attached to the user ID information associated with Website B. ¶[0044], Website B includes signature verification for decrypting the signature attached to the user ID information received from Website A. ¶[0045], signature decryption is used for verifying the authenticity and integrity of the user ID received from Website A. Thus logging password to Website B is hidden/concealed to user. ¶[0049]-¶[0051], Website B receives logon request from Website A and decrypts the ID signature and verifies the validity, such as authenticity and integrity of the signature);
He in view of Wu is analogous art because they are from the “same field of endeavor” and are from the same “problem solving area”. Namely, they pertain to the field of “HTTP authentication”. It would have been obvious to a person of ordinary skill in the art at the time the invention was made to modify the invention of He with the teaching in Wu to include the 
	
Regarding claim 17, combination of He in view of Wu teaches the non-transitory computer-readable storage medium of claim 16, wherein the instructions further cause the processing device to: 
receive a second HTTP message (He, ¶[0106], intercepting at the network layer, by the client agent executing on the client, an HTTP request from an application executing on the client, modifying the HTTP request and transmitting, vi a transport layer connection, the modified HTTP request to a network appliance);
determine whether the second HTTP message contains an HTTP basic credential (He, ¶[0135], the client agent may add, remove or modify other name-value pairs in the received HTTP header. A client agent may insert a name-value pair in the HTTP request identifying a plurality of versions of the requested resources which are currently cached on the client. ¶[0136], the client agent may store the received cookie using any storage method. The client agent may use any methods of sorting or indexing the stored cookie, including without limitation indexing by user, session, application, and appliance. ¶[0137], after storing the received cookie, the client agent may then transmit the modified HTTP communication to an application executing on the client); 
upon determining that the HTTP message contains the HTTP basic credential, determine whether the second user can be identified in the data 
upon determining that the second user can be identified in the data store, identify the user in the data store (He, ¶[0135], the client agent may add, remove or modify other name-value pairs in the received HTTP header. A client agent may insert a name-value pair in the HTTP request identifying a plurality of versions of the requested resources which are currently cached on the client. ¶[0136], the client agent may store the received cookie using any storage method. The client agent may use any methods of sorting or indexing the stored cookie, including without limitation indexing by user, session, application, and appliance. ¶[0137], after storing the received cookie, the client agent may then 
and obtain security information from a data store (Wu, ¶[0042], the user ID mapping data defines mapping relationships between user ID information associated with Website A and user ID information associated with Website B. ¶[0043], Website A further has ID signature generator for generating a signature attached to the user ID information associated with Website B. ¶[0044], Website B includes signature verification for decrypting the signature attached to the user ID information received from Website A. ¶[0045], signature decryption is used for verifying the authenticity and integrity of the user ID received from Website A. Thus logging password to Website B is hidden/concealed to user. ¶[0049]-¶[0051], Website B receives logon request from Website A and decrypts the ID signature and verifies the validity, such as authenticity and integrity of the signature).

Regarding claim 18, combination of He in view of Wu teaches the non-transitory computer-readable storage medium of claim 17, wherein the instructions further cause the processing device to send an unmodified version of the second HTTP message to the destination system upon determining that the HTTP message is absent the HTTP basic credential (He, ¶[0135], the client agent may add, remove or modify other name-value pairs in the received HTTP header. A client agent may insert a name-value pair in the HTTP request identifying a plurality of versions of the requested resources which are currently 

Regarding claim 19, combination of He in view of Wu teaches the non-transitory computer-readable storage medium of claim 17, wherein the instruction further cause the processing device to send an unmodified HTTP message to the destination system upon determining that the user cannot be identified in the data store (He, ¶[0135], the client agent may add, remove or modify other name-value pairs in the received HTTP header. A client agent may insert a name-value pair in the HTTP request identifying a plurality of versions of the requested resources which are currently cached on the client. ¶[0136], the client agent may store the received cookie using any storage method. The client agent may use any methods of sorting or indexing the stored cookie, including without limitation indexing by user, session, application, and appliance. ¶[0137], after storing the received cookie, the client agent may then 

Regarding claim 20, combination of He in view of Wu teaches the non-transitory computer-readable storage medium of claim 16, wherein the modified HTTP message comprises the HTTP request message with a portion of the security information appended (He, ¶[0135], the client agent may add, remove or modify other name-value pairs in the received HTTP header. A client agent may insert a name-value pair in the HTTP request identifying a plurality of versions of the requested resources which are currently cached on the client. ¶[0136], the client agent may store the received cookie using any storage method. The client agent may use any methods of sorting or indexing the stored cookie, including without limitation indexing by user, session, application, and appliance. ¶[0137], after storing the received cookie, the client agent may then transmit the modified HTTP communication to an application executing on the client. Wu, ¶[0042], the user ID mapping data defines mapping relationships between user ID information associated with Website A and user ID information associated with Website B. ¶[0043], Website A further has ID signature generator for generating a signature attached to the user ID information associated with Website B. ¶[0044], Website B includes signature verification for decrypting the signature attached to the user ID information received from Website A. ¶[0045], signature decryption is used for verifying the authenticity and integrity of the user ID received from Website A. Thus logging password to 

Conclusion
THIS ACTION IS MADE FINAL. See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, Applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.  Any inquiry concerning this communication or earlier communications from the examiner should be directed to WASIKA NIPA whose telephone number is (571)272-8923.  The examiner can normally be reached on M-F (7:30 - 5:00). If attempts 

/WASIKA NIPA/           Primary Examiner, Art Unit 2433