DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
1.  This in response to the communications filed on 04 November 2020.
2.  Claims 1-25 are pending in the application.
3.  Claims 1-25 have been rejected.
Information Disclosure Statement
4.  The examiner has considered the information disclosure statement (IDS) filed on 16 July 2019, 19 November 2019, 17 June 2020, 04 September 2020, 09 October 2020 and 04 November 2020.
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


5.  Claims 1-10 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter.  The claim(s) does/do not fall within at least one of the four categories of patent eligible subject matter because independent claim 1 is directed to an apparatus comprising a first instance of an authenticator, a secure key store and a synchronization processor.  However, after a review of the applicant’s specification the examiner has not found any elements of the apparatus being hardware.  Since the apparatus does not contain any hardware elements this renders the claim non-statutory.  Dependent claims 2-10 recite similar subject matter and are non-statutory as well.
Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

6.  Claim(s) 1-3, 10-13 and 20-23 is/are rejected under 35 U.S.C. 102(a)(2) as being anticipated by Gadde et al US 2018/0314817 A1 (hereinafter Gadde).
As to claim 1, Gadde discloses an apparatus comprising: 
a first instance of an authenticator associated with a first app (i.e. App 1) [0055] to allow a user of the first app to authenticate with a first relying party (i.e. such as for reservation booking) [0055]; 
a secure key store accessible by the first instance of the authenticator to securely store authentication data related to the first app (i.e. secure data store that is encrypted and stores biometric information used for the Apps) [0021]; 
a synchronization processor to share at least a portion of the authentication data with a second instance of the authenticator associated with a second app to be executed on the apparatus (i.e. provide the verified authentication information associated with the user to the second application such as App 2) [0061]. 
As to claim 2, Gadde discloses the apparatus of claim 1 wherein the at least a portion of the authentication data comprises initial user verification reference data (i.e. reference biometric information) [0021]. 
As to claim 3, Gadde discloses the apparatus of claim 2 wherein the initial user verification reference data comprises at least one of a personal identification number (PIN), a password, a pattern, and a biometric template (i.e. reference biometric information) [0021]. 
As to claim 10, Gadde discloses the apparatus of claim 1 wherein the synchronization processor is to perform encryption of the at least a portion of the authentication data (i.e. reference biometric information associated with the user stored in an encrypted manner) [0021]. 
As to claim 11, Gadde discloses a method comprising: 
installing a first instance of an authenticator associated with a first app (i.e. App 1) [0055] to allow a user of the first app to authenticate with a first relying party (i.e. such as for reservation booking) [0055], the first instance of the authenticator to securely store authentication data related to the first app (i.e. secure data store that is encrypted and stores biometric information used for the Apps) [0021]; 
sharing at least a portion of the authentication data with a second instance of the authenticator associated with a second app (i.e. provide the verified authentication information associated with the user to the second application such as App 2) [0061]. 
As to claim 12, Gadde discloses the method of claim 11 wherein the at least a portion of the authentication data comprises initial user verification reference data (i.e. reference biometric information) [0021]. 
As to claim 13, Gadde discloses the method of claim 12 wherein the initial user verification reference data comprises at least one of a personal identification number (PIN), a password, a pattern, and a biometric template (i.e. reference biometric information) [0021]. 
As to claim 20, Gadde discloses the method of claim 11 wherein the synchronization processor is to perform encryption of the at least a portion of the authentication data (i.e. reference biometric information associated with the user stored in an encrypted manner) [0021]. 
As to claim 21, Gadde discloses a machine-readable medium having program code stored thereon which, when executed by one or more computing devices, causes the one or more computing devices to perform the operations of: 
installing a first instance of an authenticator associated with a first app (i.e. App 1) [0055] to allow a user of the first app to authenticate with a first relying party (i.e. such as for reservation booking) [0055], the first instance of the authenticator to securely store authentication data related to the first app (i.e. secure data store that is encrypted and stores biometric information used for the Apps) [0021]; 
sharing at least a portion of the authentication data with a second instance of the authenticator associated with a second app (i.e. provide the verified authentication information associated with the user to the second application such as App 2) [0061]. 
As to claim 22, Gadde discloses the machine-readable medium of claim 21 wherein the at least a portion of the authentication data comprises initial user verification reference data (i.e. reference biometric information) [0021]. 
As to claim 23, Gadde discloses the machine-readable medium of claim 22 wherein the initial user verification reference data comprises at least one of a personal identification number (PIN), a password, a pattern, and a biometric template (i.e. reference biometric information) [0021]. 
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
7.  Claims 4, 5, 14, 15, 24 and 25 is/are rejected under 35 U.S.C. 103 as being unpatentable over Gadde et al US 2018/0314817 A1 (hereinafter Gadde) as applied to claims 1, 11 and 21 above, and further in view of Huapaya et al US 2020/0177563 A1 (hereinafter Huapaya).
As to claim 4, Gadde does not teach the apparatus of claim 1 wherein the synchronization processor comprises a first synchronization processor associated with the first app, wherein a second synchronization processor associated with the second app is to transmit an endorsement request to the first synchronization processor, the first synchronization processor to responsively transmit an endorsement response to the second synchronization processor including the at least a portion of the authentication data. 
Huapaya teaches that the synchronization processor comprises a first synchronization processor associated with the first app, wherein a second synchronization processor associated with the second app is to transmit an endorsement request to the first synchronization processor, the first synchronization processor to responsively transmit an endorsement response to the second synchronization processor including the at least a portion of the authentication data (i.e. mutual authentication between two applications and sending authentication such as a derived symmetric key) [0022]. 
Therefore, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified Gadde so that the synchronization processor would have comprised a first synchronization processor associated with the first app.  A second synchronization processor would have been associated with the second app were to transmit an endorsement request to the first synchronization processor.  The first synchronization processor to have responsively transmitted an endorsement response to the second synchronization processor including the at least a portion of the authentication data. 
It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified Gadde by the teaching of Huapaya because it provides a system that is less expensive, quicker and more secure than the known solution using a PKI technology [0010].
As to claim 5, Gadde does not teach the apparatus of claim 4 wherein the at least a portion of the authentication data comprises a first key associated with the first authenticator.
Huapaya teaches that the at least a portion of the authentication data comprises a first key associated with the first authenticator (i.e. derived symmetric key) [0022].
Therefore, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified Gadde so that the at least a portion of the authentication data would have comprised a first key associated with the first authenticator.
It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified Gadde by the teaching of Huapaya because it provides a system that is less expensive, quicker and more secure than the known solution using a PKI technology [0010].
As to claim 14, Gadde does not teach the method of claim 11 wherein the first app comprises a first synchronization processor to share the at least a portion of the authentication data with a second synchronization processor associated with the second app, wherein a second synchronization processor associated with the second app is to transmit an endorsement request to the first synchronization processor, the first synchronization processor to responsively transmit an endorsement response to the second synchronization processor including the at least a portion of the authentication data. 
Huapaya teaches that the synchronization processor comprises a first synchronization processor associated with the first app, wherein a second synchronization processor associated with the second app is to transmit an endorsement request to the first synchronization processor, the first synchronization processor to responsively transmit an endorsement response to the second synchronization processor including the at least a portion of the authentication data (i.e. mutual authentication between two applications and sending authentication such as a derived symmetric key) [0022]. 
Therefore, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified Gadde so that the synchronization processor would have comprised a first synchronization processor associated with the first app.  A second synchronization processor would have been associated with the second app were to transmit an endorsement request to the first synchronization processor.  The first synchronization processor to have responsively transmitted an endorsement response to the second synchronization processor including the at least a portion of the authentication data. 
It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified Gadde by the teaching of Huapaya because it provides a system that is less expensive, quicker and more secure than the known solution using a PKI technology [0010].
As to claim 15, Gadde does not teach the method of claim 14 wherein the at least a portion of the authentication data comprises a first key associated with the first authenticator.
Huapaya teaches that the at least a portion of the authentication data comprises a first key associated with the first authenticator (i.e. derived symmetric key) [0022].
Therefore, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified Gadde so that the at least a portion of the authentication data would have comprised a first key associated with the first authenticator.
It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified Gadde by the teaching of Huapaya because it provides a system that is less expensive, quicker and more secure than the known solution using a PKI technology [0010].
As to claim 24, Gadde does not teach the machine-readable medium of claim 21 wherein the first app comprises a first synchronization processor to share the at least a portion of the authentication data with a second synchronization processor associated with the second app, wherein a second synchronization processor associated with the second app is to transmit an endorsement request to the first synchronization processor, the first synchronization processor to responsively transmit an endorsement response to the second synchronization processor including the at least a portion of the authentication data. 
Huapaya teaches that the synchronization processor comprises a first synchronization processor associated with the first app, wherein a second synchronization processor associated with the second app is to transmit an endorsement request to the first synchronization processor, the first synchronization processor to responsively transmit an endorsement response to the second synchronization processor including the at least a portion of the authentication data (i.e. mutual authentication between two applications and sending authentication such as a derived symmetric key) [0022]. 
Therefore, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified Gadde so that the synchronization processor would have comprised a first synchronization processor associated with the first app.  A second synchronization processor would have been associated with the second app were to transmit an endorsement request to the first synchronization processor.  The first synchronization processor to have responsively transmitted an endorsement response to the second synchronization processor including the at least a portion of the authentication data. 
It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified Gadde by the teaching of Huapaya because it provides a system that is less expensive, quicker and more secure than the known solution using a PKI technology [0010].
As to claim 25, Gadde does not teach the machine-readable medium of claim 24 wherein the at least a portion of the authentication data comprises a first key associated with the first authenticator.
Huapaya teaches that the at least a portion of the authentication data comprises a first key associated with the first authenticator (i.e. derived symmetric key) [0022].
Therefore, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified Gadde so that the at least a portion of the authentication data would have comprised a first key associated with the first authenticator.
It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified Gadde by the teaching of Huapaya because it provides a system that is less expensive, quicker and more secure than the known solution using a PKI technology [0010].
8.  Claims 6 and 16 is/are rejected under 35 U.S.C. 103 as being unpatentable over Gadde et al US 2018/0314817 A1 (hereinafter Gadde) as applied to claims 1 and 11 above, and further in view of Lewis U.S. Patent No. 8,132,017 B1.
As to claim 6, Gadde does not teach the apparatus of claim 1 wherein the first synchronization processor and second synchronization processor are to exchange messages to share updated user verification reference data. 
Lewis teaches that the first synchronization processor and second synchronization processor are to exchange messages to share updated user verification reference data (i.e. exchange of synchronization messages to update password data) [column 7, lines 56-67]. 
Therefore, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified Gadde so that the first synchronization processor and second synchronization processor would have exchanged messages to share updated user verification reference data. 
It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified Gadde by the teaching of Lewis because it provides a mechanism for allowing a network user to utilize a single password for access to the disparate network resources [column 1 line 46 to column 2 line 2].
As to claim 16, Gadde does not teach the method of claim 11 wherein the first synchronization processor and second synchronization processor are to exchange messages to share updated user verification reference data. 
Lewis teaches that the first synchronization processor and second synchronization processor are to exchange messages to share updated user verification reference data (i.e. exchange of synchronization messages to update password data) [column 7, lines 56-67]. 
Therefore, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified Gadde so that the first synchronization processor and second synchronization processor would have exchanged messages to share updated user verification reference data. 
It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified Gadde by the teaching of Lewis because it provides a mechanism for allowing a network user to utilize a single password for access to the disparate network resources [column 1 line 46 to column 2 line 2].
9.  Claims 7 and 17 is/are rejected under 35 U.S.C. 103 as being unpatentable over Gadde et al US 2018/0314817 A1 (hereinafter Gadde) and Huapaya et al US 2020/0177563 A1 (hereinafter Huapaya) as applied to claims 4 and 14 above, and further in view of Adrangi et al US 2016/0373257 A1 (hereinafter Adrangi).
As to claim 7, the Gadde-Huapaya combination does not teach the apparatus of claim 4 wherein the endorsement request comprises one or more authentication public keys. 
Adrangi teaches that the endorsement request comprises one or more authentication public keys (i.e. requests for attestation includes public key) [0026].
Therefore, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified the Gadde-Huapaya combination so that the endorsement request would have comprised one or more authentication public keys.
It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified the Gadde-Huapaya combination by the teaching of Adrangi because it facilitates many-to-many or any-to-any data transmission without infrastructure support [0003].
As to claim 17, the Gadde-Huapaya combination does not teach the method of claim 14 wherein the endorsement request comprises one or more authentication public keys.
Adrangi teaches that the endorsement request comprises one or more authentication public keys (i.e. requests for attestation includes public key) [0026].
Therefore, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified the Gadde-Huapaya combination so that the endorsement request would have comprised one or more authentication public keys.
It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified the Gadde-Huapaya combination by the teaching of Adrangi because it facilitates many-to-many or any-to-any data transmission without infrastructure support [0003].
10.  Claims 8 and 18 is/are rejected under 35 U.S.C. 103 as being unpatentable over Gadde et al US 2018/0314817 A1 (hereinafter Gadde) and Huapaya et al US 2020/0177563 A1 (hereinafter Huapaya) as applied to claims 4 and 14 above, and further in view of Cai et al US 2017/0289140 A1 (hereinafter Cai).
As to claim 8, the Gadde-Huapaya combination does not teach the apparatus of claim 4 wherein the endorsement response includes a session token. 
Cai teaches that the endorsement response includes a session token (i.e. using a session token in response to an identity assertion request) [0049].
Therefore, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified the Gadde-Huapaya combination so that the endorsement response would have included a session token.
It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified the Gadde-Huapaya combination by the teaching of Cai because it makes it easier to implement single sign-on authentication across multiple different types of middleware platforms in an enterprise-level computing environment [0003].
As to claim 18, the Gadde-Huapaya combination does not teach the method of claim 14 wherein the endorsement response includes a session token.
Cai teaches that the endorsement response includes a session token (i.e. using a session token in response to an identity assertion request) [0049].
Therefore, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified the Gadde-Huapaya combination so that the endorsement response would have included a session token.
It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified the Gadde-Huapaya combination by the teaching of Cai because it makes it easier to implement single sign-on authentication across multiple different types of middleware platforms in an enterprise-level computing environment [0003].
11.  Claims 9 and 19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Gadde et al US 2018/0314817 A1 (hereinafter Gadde), Huapaya et al US 2020/0177563 A1 (hereinafter Huapaya) and Adrangi et al US 2016/0373257 A1 (hereinafter Adrangi) as applied to claims 7 and 17 above, and further in view of Reinsberg et al US 2019/0179806 A1 (hereinafter Reinsberg).
As to claim 9, the Gadde-Huapaya-Adrangi combination does not teach the apparatus of claim 7 wherein the endorsement request and/or the endorsement response includes a signature generated over some object including the authentication public key. 
Reinsberg teaches that the endorsement request and/or the endorsement response includes a signature generated over some object including the authentication public key (i.e. verification request includes a communications address, the public key and a signature from the user requesting the verification) [0032].
Therefore, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified the Gadde-Huapaya combination so that the endorsement request and/or the endorsement response would have included a signature generated over some object including the authentication public key.
It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified the Gadde-Huapaya combination by the teaching of Reinsberg because it allows for a decentralized database associating public keys and communications addresses [0003].
As to claim 19, the Gadde-Huapaya-Adrangi combination does not teach the method of claim 17 wherein the endorsement request and/or the endorsement response includes a signature generated over some object including the authentication public key. 
Reinsberg teaches that the endorsement request and/or the endorsement response includes a signature generated over some object including the authentication public key (i.e. verification request includes a communications address, the public key and a signature from the user requesting the verification) [0032].
Therefore, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified the Gadde-Huapaya combination so that the endorsement request and/or the endorsement response would have included a signature generated over some object including the authentication public key.
It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified the Gadde-Huapaya combination by the teaching of Reinsberg because it allows for a decentralized database associating public keys and communications addresses [0003].
Relevant Prior Art
12.  The following references have been considered relevant by the examiner:
A.  Niemela US 2014/0137220 A1 directed to a method of obtaining password data for entry to an application running on a device [abstract].
B.  De Caro et al US 2019/0384627 A1 directed to one or more identifying endorsement requests to perform blockchain transaction endorsements [abstract].
C.  Maes US 2007/0162581 A1 directed to dynamically providing identity management or other services [abstract].
Conclusion
13.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to ARAVIND K MOORTHY whose telephone number is (571)272-3793.  The examiner can normally be reached on M-F 7:30-7:30.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Saleh Najjar can be reached on 571-272-4006.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/ARAVIND K MOORTHY/            Primary Examiner, Art Unit 2492