DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  
Citation of References
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. The following references are cited but not been replied upon for this office action:
Tribbett (US20110196914A1). Providing access to remotely hosted services, and more specifically to normalizing communications between one or more clients and multiple remotely hosted services through a normalized application programming interface.
Status of Claims
This is a non-final office action in response to Applicant's amendment filed on 10/14/2020. Applicant’s submission has been entered. 
Claims 1, 10, 18 are currently amended claims. Claims 3-5, 12-13 are previously cancelled. Claims 1-2, 6-11, 14-18 are pending in the application. 
Response to Arguments
The Applicant's arguments filed on 10/14/2020 with respect to Claims 1-2, 6-11, 14-18 have been fully considered. 
Examiner acknowledges that applicant has amended claim 1 (similarly claim 10 and claim 18) specifying with amendment underlined reciting “in response to the invocation of the first API, synchronizing a preset address book of the enterprise application system stored at the social networking application with organization structure information of the enterprise via the first API, the synchronizing including adding to the preset address book a user identifier of a first new employee at the social networking application based on a corresponding update in the organization structure information;” among other things.
Specifically regarding to claim 1, applicant argued, see pages 11-14 of the Remarks filed 10/14/2020, that Mahaffey and Cobb reference do not teach the amended limitation recited above referring to the adding of new employee at the social networking application based on corresponding update in the organization information. The examiner agrees with applicant’s argument. However upon updated search, the examiner found a new reference that teaches the amended feature. Therefore the examiner asserts applicant’s argument is moot in view of the new ground of rejection with newly applied prior art Chapman.
Claim Objections
Claim 2 is objected to because of the following informalities:  
Claim 2 line 1, “wherein obtaining permission information corresponding to the application system…” may read as “wherein obtaining permission information corresponding to the enterprise application system…”.  

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1-2, 6-11, 14-18 are rejected under 35 U.S.C. 103 as being unpatentable over Yoshinari (US20150248543, hereinafter, "Yoshinari"), in view of Mahaffey et al .
Regarding claim 1, Yoshinari teaches:
		A data processing method (Yoshinari, [Abstract] An information processing device issues a service code in response to an API use request) performed at a computer system having one or more processors and memory (Yoshinari, Fig. 2, CPU 101 and memory 102 and 103) for storing a plurality of programs managing application programming interfaces (APIs) [of a social networking application] and mobile application entrances (Yoshinari, [0006] The service code processor is configured to generate a service code in response to an API use registration request (i.e. API invocation request)), the method comprising:
		receiving, [at the social networking application], an application programming interface (API) invocation request initiated by an enterprise application system corresponding to an enterprise (Yoshinari, referred as company (i.e. enterprise), e.g. para [0100]) [that includes a plurality of employees], the API invocation request carrying an identifier of a mobile application entrance to which the enterprise application system belongs, an application system identifier, and first authentication information (Yoshinari, [0006] The service code processor is configured to generate a service code in response to an API use registration request (i.e. API invocation request) transmitted from an application provider device (i.e. initiated by application system). The API use registration request relates to service using an application program that uses the API….The service code processor is configured to make service identification information and use API information of the service correspond to the service code and register the service identification information (i.e. application system identifier), the use API information, and the service code…The license processor is configured to perform issuing license information to the application user. The application user is indicated by the user-specific information (i.e. identifier of mobile application entrance) corresponding to the license information (i.e. first authentication information)), [wherein each of the employees has a user account on the social networking application] (See Mahaffey below for social networking application, employees and user account); 
		obtaining permission information corresponding to the enterprise application system according to the identifier of the mobile application entrance and the application system identifier (Yoshinari, [0006] The license approval information indicates an approved/ disapproved state of the information access authority.  The license processor is configured to make the license approval information correspond to the license information and register the license approval information (i.e. permission information) and the license information); 
		performing authentication on the API invocation request according to the permission information and the first authentication information (Yoshinari, [0010] When an API use request is performed in association with execution of the service application, the authentication processor is configured to perform an authentication process with reference to the registration information obtained by the registration information acquisition unit based on the service code and the license information regarding the API use request); 
		in accordance with a determination that the authentication succeeds (Yoshinari, see e.g. Fig. 16 decision step S402 Authentication passed is Y (i.e. yes, or succeeds)):
(Yoshinari, [0010] The license approval information is configured to indicate (i.e. sending) an approved (i.e. succeeds)/disapproved state of the information access authority using the API indicated by the use API information. See Fig. 16. And [0138] If the authentication is passed, the API server 20 proceeds from Step S402 to Step S403 and performs the result management process with the function of the result management unit 22. Also [0143] in response to the request from the service application, the API process is performed (i.e. invokes) as illustrated as Step S404); 
		and in response to the invocation of the first API (Yoshinari, [0143] the API process is performed as illustrated as Step S404, and information in the store information database 31 is accessed), [synchronizing a preset address book of the enterprise application system stored at the social networking application with organization structure information of the enterprise via the first API, the synchronizing including adding to the preset address book a user identifier of a first new employee at the social networking application based on a corresponding update in the organization structure information] (see Mahaffey-Cobb-Chapman below for limitations in bracket);
		receiving from the enterprise application system a first encrypted message to be sent to a client device associated [with the first new employee of the enterprise having a first user account on the social networking application], wherein the first encrypted message carries the user identifier that identifies the [first new employee at the social networking application] and the client device is configured [to decrypt the first message] (Yoshinari, Fig. 8, step S300. And [0119] The user device 4 logs on the user WEB 13 using the login password, the user ID, or similar information given to the application user as Step S300 (i.e. login as the operation instruction)); (see Chapman for first new employee below)
		receiving an encrypted operation message sent by the [first new employee via the social networking application] in response to the first encrypted message, the operation message carrying the user identifier and an operation instruction (Yoshinari, Fig. 8, step S300 (i.e. operation message). And [0119] The user device 4 logs on the user WEB 13 using the login password, the user ID). Examiner notes the user is interpreted as the employee, or vice versa in view of Mahaffey’s teaching of employee below; 
		determining by searching [the synchronized preset address book] according to the user identifier that the operation message corresponds to a message for the enterprise application system (Yoshinari, Fig. 8, S121 show license list display. And [0120] the registration server 10 recognizes the application user (i.e. according to the user identifier) and provides a license list screen regarding the application user on the user WEB 13 at Step S121); 
		forwarding the operation message to the enterprise application system, so that the enterprise application system performs data processing according to the operation instruction (Yoshinari, Fig. 8 S124, and [0126] The registration server 10 obtains the license approval information, which indicates "approved" or "disapproved (approval denied)", at Step S123. At Step S124, the registration server 10 registers the license approval information with the registration database 30 as the license approval information corresponding to the target license information. Also Fig. 7, step S114 the registration server 10 notifies the provider device 3 of completion of the license issue); 
(Yoshinari, [0109] After registering the license approval information at Step S124, the registration server 10 performs an approval result notification on the user device 4. Also see [0141] the information may be obtained by access of the result management unit 22 to the registration database 30. At Step S435, the result management unit 22 updates the use API information of the application user); 
		While Yoshinari does not explicitly teach of a social networking application, employees of the enterprise and decrypting the encrypted operation message, however in the same field of endeavor Mahaffey teaches: 
		receiving, at the social networking application, an application programming interface (API) invocation request initiated by an enterprise application system corresponding to an enterprise (Mahaffey discloses system and method for authenticating user to a server computer providing access to network resource with social network account in which server or client uses API, see e.g. [0062] The server may require that the client use Facebook's OAuth API (i.e. API invocation request) in order to supply server with a guarantee that the user is allowing access. For example, if a first client has access to a given email or social network account, the server may create an account that is associated with that client. And [0108] the authentication management platform 101 provides a management console that provides the data for the authentication server 102. The server provides an API so that a viewer client can retrieve information) that includes a plurality of employees (Mahaffey, [0162] For a given process (e.g. task completion, action that needs approval before it can happen), authorizations may be triggered when the process originates, … or based on user action (e.g. employee submits expense report, requests to sign contract, …),
		wherein each of the employees has a user account on the social networking application (Mahaffey, [0043] The authorizing client only accepts requests that are validated against the server's public key. The request may be signed/validated against secret information associated with account (e.g. user's account password, or a symmetric or asymmetric key associated with the account)),
		[receiving from the enterprise application system a first encrypted message …] on the social networking application, wherein the first encrypted message carries the user identifier that identifies the [first new employee] at the social networking application and the client device is configured to decrypt the first message (Mahaffey, [0015] FIG. 3C is a flowchart that illustrates a method of credential transaction for the process flow of FIG. 3B under an embodiment in which the encrypted credentials are sent and the authorizing client validates the user. And [0119] the comprehensive login and user authentication platform can be used with one or more different social network platforms, such as Facebook); 
		decrypting the encrypted operation message to extract the user identifier and the operation instruction (Mahaffey, [0054] The problem of being able to decrypt credential information is solved by the requesting client or authorizing client having a decryption key (e.g. symmetric key, or private key), so that the credentials can be decrypted by the requesting client or by the authorizing client which sends them to the requesting client); 
[first new employee], wherein the operation response is decrypted at the client device and rendered to the [first new employee] according to the message format (Mahaffey, [0095] If no response is returned, it is deemed to be a "no" answer... the credentials 346 are encrypted, in which case, the encryption key 348 is also sent to the requesting client (i.e. first employee, or one of the users), … The requesting client then performs the decryption operation to access the credentials.  Alternatively, if the credentials are decrypted 350, they are simply sent from the authentication server 334 to the requesting client 332 as decrypted credentials 350),
		synchronizing organization [structure] information of the enterprise with [a preset address book] of the enterprise application system (Mahaffey, [0046] If the user modified information that was automatically entered, the system detects the modifications (e.g. if a user changes their address in a registration form, they may have moved. This process allows server to automatically update the address it stores for user for use in future account registrations), (see Cobb for structural information and preset address book, Chapman for new employee below)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have employed the teachings of Mahaffey in the information processing device involving API service of Yoshinari by authenticating user using encrypted credential with server in a social network application. This would have been obvious because the person having ordinary skill in the art would have been motivated to consolidate multi-factor and comprehensive user authentication through API (such as Facebook’s OAuth 
		While the combination of Yoshinari-Mahaffey does not explicitly teach of synchronizing organization structure information of the enterprise with preset address book, however in the similar field of endeavor Cobb teaches: 
		in response to the invocation of the first API (Cobb, [0035] the programmatic client 116 and client application(s) 114 may access the various services and functions provided by the networked system 102 via the programmatic interface provided by the API server 120), synchronizing organization structure information of the enterprise with a preset address book of the enterprise application system stored at the social networking application with organization structure information of the enterprise via the first API, the synchronizing including adding to the preset address book a user identifier of a [first new employee] at the social networking application based on a corresponding update in the organization structure information (Cobb, see e.g. [0053] the LDAP (or lightweight directory access protocol) system 185 (i.e. preset address book) may provide directory services with a hierarchical structure (or reporting structure) of user identification information (user ID (i.e. user identifier)). And [0066] the LDAP system 185 systematically manages the hierarchy of a business entity. As employees of the business entity are added or removed from the various groups, the groups are updated (i.e. synchronizing) with the current user IDs in the LDAP system 185);
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have employed the teachings of Cobb in the information processing device involving API service of Yoshinari-Mahaffey by updating user 
		While the combination of Yoshinari-Mahaffey-Cobb teaches synchronizing organization structure information with user ID of employee based on a corresponding update in the organization structure information, but does not appear to explicitly teach first new employee, however in the similar field of endeavor Chapman teaches: 
		[in response to the invocation of the first API, synchronizing a preset address book of ..., the synchronizing including adding to the preset address book a user identifier of] (see Cobb for limitations in bracket above) a first new employee at the social networking application based on a corresponding update in the organization structure information (Chapman, [0025] if the workflow appliance 104 determines that address books including contact information for members of the organization stored on a source 106 have been updated, the workflow appliance 104 will automatically import the latest address books and/or latest contact information (i.e. synchronizing address book)… the workflow appliance 104 may be configured upon detection of updated contact information including a new employee to initiate new employee training…).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have employed the teachings of Chapman in the information processing device involving API service of Yoshinari-Mahaffey-Cobb by updating new employee information to latest address books and/or contact information for members of organization. This would have been obvious because the person having ordinary skill in the art 

		As per claim 10 and claim 18, the combination of Yoshinari-Mahaffey-Cobb-Chapman discloses:
	A computer system, a non-transitory computer readable storage medium respectively, to perform operations of method steps substantially similar to the method claim 1, therefore are rejected with the same reason set forth as rejection of claim 1 above.

Regarding claim 2, similarly claim 11, the combination of Yoshinari-Mahaffey-Cobb-Chapman further teaches:
		The method according to claim 1, the computer system according to claim 10,
		wherein obtaining permission information corresponding to the application system according to the identifier of the mobile application entrance and the application system identifier comprises: obtaining a corresponding permission information set from a preset database according to the identifier of the mobile application entrance (Yoshinari, [0116] Then, the registration server 10 performs registration on the registration database 30 (i.e. preset database) at Step S113.  In this case, the registration server 10 makes the service application related to the request at this time correspond to the already registered service code and registers a set of one or the plurality of user-specific information (i.e. identifier of the mobile application entrance) and the license information); and obtaining permission information (Yoshinari, [0088] Subsequently, the registration server 10 performs registration to the registration database 30 at Step S103.  At this point, the registration server 10 registers the service identification information and the use API information, which are obtained at Step S102, and the information on the application provider (i.e. the application system identifier) recognized at Step S100 making them associated with one another and correspond to the generated service code. And [0090] At Step S6, the provider device 3 provides the service application to the user device 4 (i.e. third-party application system)).

Regarding claim 6, similarly claim 14, the combination of Yoshinari-Mahaffey-Cobb-Chapman further teaches:
		The method according to claim 1, the computer system according to claim 10,
		wherein the preset address book of the enterprise application system is stored on the computer system, the method further comprising: prior to the synchronizing: obtaining an address book synchronization message from the enterprise application system, the address book synchronization message carrying second authentication information (Mahaffey, [0046] Authentication and other information are entered on behalf of user. The system collects (i.e. obtaining and stored) information (i.e. message) for the user (e.g. username, address, name, email address, etc.)…Examiner notes that the second authentication information can be address or email address of the user, and also it is inherent obtaining address book synchronization message is prior to the synchronization); and synchronizing the preset (Mahaffey, [0046] If the user modified information that was automatically entered, the system detects the modifications (e.g. if a user changes their address in a registration form, they may have moved. This process allows server to automatically update the address it stores for user for use in future account registrations). The system can ask the user if they want to update (i.e. synchronizing) information on server based on modification). See Cobb for preset address book as in claim 1 above.

Regarding claim 7, similarly claim 15, the combination of Yoshinari-Mahaffey-Cobb-Chapman further teaches:
		The method according to claim 6, the computer system according to claim 14, wherein synchronizing the preset address book according to the address book synchronization message (see Mahaffey specifically for claim 6 above) 
		Cobb further teaches: 
		comprises, obtaining latest organization information from the enterprise application system according to the synchronization message, the latest organization information including organization structure information and user information under an organization structure (Cobb, [0066] the grouping module 240 provides functionality to maintain or update the groups consuming the system resources… a company's lightweight directory access protocol (LDAP) system 185 (i.e. address book) (shown in FIG. 1D) may be the source of hierarchical information for the business entity. The LDAP system 185 may represent an industry standard application protocol for accessing and maintaining distributed directory information services); synchronizing organization structure information in the preset address book on the basis of the organization structure information in the organization information (Cobb, [0066] the LDAP system 185 systematically manages the hierarchy of a business entity (i.e. organization structure information). As employees of the business entity are added or removed from the various groups, the groups are updated (i.e. synchronizing) with the current user IDs in the LDAP system 185); and synchronizing user information in the preset address book on the basis of the user information in the organization information (Cobb, [0074] At operation 321, a group is determined based upon an organizational structure of a business entity.  At operation 322, the plurality of users 106 associated with the group is automatically updated based on changes in the organizational structure). 

Regarding claim 8, similarly claim 16, the combination of Yoshinari-Mahaffey-Cobb-Chapman further teaches:
		The method according to claim 7, the computer system according to claim 15,
wherein synchronizing organization structure information in the preset address book on the basis of the organization structure information in the organization information comprises: obtaining a mapping between a department identifier of each department under the organization structure and a department mobile service identifier (Cobb, [0021] In various example embodiments, systems and methods of managing system resources are described… a business entity may be divided into groups of people based on business units or business divisions, where each group is allocated (i.e. mapping) a budget for system resources (i.e. mobile service), such as [0043] A user 106 may access the searching engine 166 via a mobile device and generate a search query); 
		Mahaffey further teaches: 
		and performing updating, insertion, and/or deletion on the organization structure information in the address book on the basis of the organization structure information in the organization information and the mapping (Mahaffey, [0046] If the user modified information that was automatically entered, the system detects the modifications (e.g. if a user changes their address in a registration form, they may have moved.  This process allows server to automatically update the address it stores for user for use in future account registrations). The system can ask the user if they want to update information on server based on modification). 

Regarding claim 9, similarly claim 17, the combination of Yoshinari-Mahaffey-Cobb-Chapman further teaches:
		The method according to claim 7, the computer system according to claim 15,
		wherein synchronizing user information in the preset address book on the basis of the user information in the organization information comprises: determining a to-be-processed user queue according to the user information in the organization information and user information in the address book; and performing updating, insertion, and/or deletion on the user information in the address book according to the to-be-processed user queue (Mahaffey, [0039] authenticating a user of a client computer making a request to a server computer providing access to a network resource through an authentication platform that issues a challenge in response to the request requiring authentication of the user identity through a reply from the client computer, and [0046] If the user modified information that was automatically entered, the system detects the modifications (e.g. if a user changes their address in a registration form, they may have moved.  This process allows server to automatically update the address it stores for user for use in future account registrations).  The system can ask the user if they want to update information on server based on modification). 
		Cobb and Chapman further teaches address book (Cobb, see e.g. [0053] the LDAP system 185 (i.e. preset address book). And Chapman, e.g. [0025] the workflow appliance 104 will automatically import the latest address books and/or latest contact information (i.e. synchronizing address book)).
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MICHAEL M LEE whose telephone number is (571)272-1975.  The examiner can normally be reached on M-F: 8:30AM - 5:30PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shewaye Gelagay can be reached on (571) 272-4219.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.


/MICHAEL M LEE/Examiner, Art Unit 2436

/SHEWAYE GELAGAY/Supervisory Patent Examiner, Art Unit 2436