Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim 1-5, 7-20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Trammel US 20140075513 in view of GrajekUS 2014/0082715.


As per claim 1, 14, 18  Trammel teaches A method for enhanced single sign-on for mobile applications, the method comprising: requesting, by a first mobile application, an authorization server to return a connector code; [0037]   ( application requests access token upon authentication)
Trammel teaches receiving, by the first mobile application, the connector code with at least one token from a remote server; [0034][0036]  (teaches receiving an device token in addition to device token)  Trammel teaches storing in a shared security mechanism, by the first mobile application, the at least one token [0049]  (managed storing application for credentials)


It would have been obvious to one of ordinary skill in the art to use the teaching of Grajek with Trammel at the time the invention was filed because it provides a convenient way to share authentication credentials.

As per claim 2.  Trammel teaches The method of claim 1 wherein the remote server is the authorization server.  [0040] (authorization server)

As per claim 3.  Trammel teaches The method of claim 1 wherein the remote server is a second server.  [0040] (authorization server)

As per claim 4. Trammel teaches The method of claim 1 wherein the first mobile application and second mobile application are issued by a same vendor.  [0026] (same vendor)

As per claim 5. Trammel teaches The method of claim 1 wherein the shared security mechanism comprises a keychain. [0049] (iOS keychain)

As per claim 7. Trammel teaches The method of claim 1 wherein the connector code is unique to a specific mobile device.  [0036]  (device token unique to user, device)

As per claim 8.  Grajek teaches The method of claim 1 wherein the at least one token identifies a user who is logged in to the first mobile application.  [0068]

As per claim 9. Grajek teaches The method of claim 8, further comprising querying, by the second mobile application, the user to determine whether the user accepts use of the at least one token with the second mobile application, and not using a profile to obtain a token for the second mobile application without acceptance of use of the at least one token with the second mobile application by the user.  [0090] (requires user involvement)

As per claim 10. Trammel teaches The method of claim 1, further comprising storing in the shared security mechanism, by the first mobile application, the connector code.  [0049] (stored using secure storage, or application manager)

As per claim 11. Grajek teaches The method of claim 1, further comprising searching, by the second mobile application, in the shared security mechanism for the connector code.  [0088] [0094][0095]  (second application uses first token to obtain new token and or access)

As per claim 12. Grajek teaches The method of claim 1, wherein the profile is a profile of a token exchange between the second application and the authorization server;  [0088]-[0091]

As per claim 13. Trammel teaches The method of claim 12, wherein the first mobile application and second mobile application are issued by a same vendor and wherein the method further 
Grajek teaches the second application and supplementally teaches token and client code/ connector code [0072] [0079][0088]-[0091]

As per claim 15. Trammel teaches The non-transitory computer-readable storage medium of claim 14 further comprising sending to the second mobile application, by the authorization server, the token for a second mobile application, wherein the token for a second mobile application is stored in the shared security mechanism by the second mobile application.  [0049] (iOS keychain)

As per claim 16. Trammel teaches The non-transitory computer-readable storage medium of claim 14 wherein the returning the connector code to the first mobile application occurs after an authorization code from the first mobile application is exchanged for the at least one token.  [0034][0036][0037]  (Teaches receiving access token/connector code after device token after authentication)


As per claim 17. Trammel teaches The non-transitory computer-readable storage medium of claim 14 wherein the connector code is unique to a specific mobile device.  [0036]  (device token unique to user, device)


As per claim 19. Trammel teaches The computing device of claim 18 wherein the program logic further comprises executable logic for sending, to the second mobile application, the token for a second mobile application, wherein the token for a second mobile application is stored in the shared security mechanism by the second mobile application.  [0049] (iOS keychain)


As per claim 20. Trammel teaches The computing device of claim 18 wherein the returning the connector code to the first mobile application occurs after an authorization code from the first mobile application is exchanged for the at least one token. [0034][0036][0037]  (Teaches receiving access token/connector code after device token after authentication)

Claims 6 is/are rejected under 35 U.S.C. 103 as being unpatentable over Trammel US 20140075513 in view of GrajekUS 2014/0082715 in view of Kendall US 9,473,485.


As per claim 6. Kendall teaches The method of claim 1 wherein the shared security mechanism comprises a keystore.  (Column 33 lines 31-35; 41-53)  (teaches storing SSO credentials in a keychain and a keystore)  It would have been obvious to one of ordinary skill in the art at the time the invention was filed to use the keychain of Kendall with the previous combination because it increases security.




Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHRISTOPHER BROWN whose telephone number is (571)272-3833.  The examiner can normally be reached on M-F 8-5.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached on (571) 270-5002.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/CHRISTOPHER J BROWN/Primary Examiner, Art Unit 2439