Notice of Pre-AIA  or AIA  Status
The present application is being examined under the pre-AIA  first to invent provisions. 

Claims 1-7, 9-19 are pending in this application.


Continued Examination Under 37 CFR 1.114

A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 12/23/2020 has been entered.


Claim Objections

Claims 12 and 17 recites the limitation "the system module" in line 2, respectively.  There is insufficient antecedent basis for this limitation in the claims.  An appropriate correction is required.


Claim Rejections - 35 USC § 103

The following is a quotation of pre-AIA  35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action:
(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the manner in which the invention was made.


Claims 1-7, 9-19 is/are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Akula et al., US 2012/0210413 A1 (hereinafter Akula) in view of Hyland et al., US 2014/0310792 (hereinafter Hyland).

For claim 1, Akula teaches a method for logging into a system module, wherein the system module is established on a server side (see Fig. 2, [0033], Applications representing module established on server side) and the method comprises: 
establishing a login device, which has a unified invocation interface (see [0030], “Authentication server 190...authenticates users attempting to access protected resources hosted on server systems” and “Authentication server 190 may accordingly maintain the user information (e.g., user identifier-password combinations) required to authenticate each user, in addition to any 
invoking, by a user, the login device via an application software unit, wherein the application software unit invokes the login device via the unified invocation interface (see Fig. 3, [0032] – [0037], [0041], “Authentication server 190 authenticates each user based on authentication information received from the users”, [0056], authenticate the user at a first client system); 
returning, by the login device, to the application software unit, access information of a role corresponding to the user achieved after successfully logging in the docbase management system (see Figs. 2 and 3, [0032] – [0037], [0041], [0056], “After the user is authenticated based on the provided information, browser 210 receives and stores locally a (user) cookie, as an indication of successful authentication of the user” so that user may access requested “user application” wherein user application represents document management system, [0064] and where policy associated with client system represents role corresponding to the user); 
accessing, by the application software unit, the system module by using the access information (see [0032] – [0038] accessing the requested user application); 
when invoked by a user at the first time via an application software unit, authenticating, by the login device, the user, and logging into the system module by using role information of the system module corresponding to the user after a successful authentication (see Fig. 3, 
returning, by the login device, the access information corresponding to the user from the system module to the application software unit, and storing the access information (see Figs. 2-3, [0030] – [0037], [0056] – [0057], “creates a (SSO) session for the user after authenticating the user and allows access to the requested…protected application” and stores authentication information in data store); 
when invoked again by the user via another application software unit, retrieving, by the login device, the stored access information and returning the access information back to the another application software unit used by the user who invokes again (see Fig. 3, [0053] – [0063], when a second client system "different from the first client system" sends in "another request to access a...same...protected application” the SSO block determines if this is the same user that has already been authenticated, and if so then send authentication information to second client system so that the second client may access requested application similar to how the first client accessed the application). 

Hyland teaches “establishing a login device, which has a unified invocation interface, on a client side” (see Fig. 4, [0013] - [0015], “single sign-on credentials that are managed by a client-side computer system. The method begins with the receiving of a request to access third party web services using a authentication service at the client-side computer system to authenticate the identity of the user”, [0044], [0069], “present invention seamlessly integrate client-side SSO authentication infrastructure”).  It would have been obvious to one skilled in the art at the time of the invention to modify the teachings of Akula with the teachings of Hyland to modify the system architecture to provide client-side authentication in order to leverage authentication protocols that already exist at most client-side systems at minimum cost (see Hyland, [0035], “present invention overcome deficiencies of current implementations of SSO by leveraging the SSO authentication protocols that are already utilized at most client-side systems” and “Embodiments of the present invention provide a secure and automated solution which may be implemented in any existing client-side SSO frameworks with minimum cost and time, while providing a lightweight and secure solution that provides users using either native applications or mobile web application to access third-party web services”).  In other words, the teachings of Hyland modify the teachings of Akula with respect to the authentication/login device (authentication server 190 in Akula) being implemented on a client side computer system.

The combination further teaches wherein, authenticating, by the login device, the user comprises: authenticating, by the login device, the user according to authentication information stored in the login device (see Akula, [0019], “authentication server may maintain a registration data”, [0030], “Authentication server 190 may accordingly maintain the user information (e.g., user identifier-password combinations) required to authenticate each user, in addition to any information related to the server systems permitted to use such authentication feature”, Fig. 3, [0032] – [0037], [0041], “Authentication server 190 authenticates each user based on authentication information received from the users”, [0056], authenticate the user at a first client system; Hyland, [0013] - [0015], “single sign-on credentials that are managed by a client-side computer system....authentication service at the client-side computer system to authenticate the identity of the user”).

For claim 2, the combination teaches further comprising: 
registering at least one login device in the computer system according to a predetermined method with each application software unit (see Akula, [0019], “maintain a registration data indicating the different client systems/browser instances registered by a user for SSO feature”); 
traversing, by the application software unit, the login devices registered in the computer system according to a predetermined method, and determining one login device as the current invoked login device (see Akula, [0019], “enables the user to access any protected resource from registered client systems/browser instances without requiring further authentication (based on the presence of the authenticated first session)”, [0060], “identifies whether the second client system is registered (for some user) according to the registration data” represents traversing registration to determine authenticated or current login device). 

For claim 3, the combination teaches the method of claim 2, wherein, registering at least one login device in the computer system according to a predetermined method with the application software unit comprises: 
registering location information of the login devices in the registry of the computer system according to a predetermined method with the application software unit (see Akula, [0041], “authentication information such as a user identifier...complete user name” registering user identifier represents location information; see Applicant’s Specification, US 2018/0083954, [0054], “The location information of the login device includes: the name and/or the location of the login device.”). 

For claim 4, the combination teaches the method of claim 2, wherein, registering at least one login device in the computer system according to a predetermined method with the application software unit comprises:
registering the location information of the login devices in a predetermined directory of the computer system according to a predetermined method with the application software unit (see Akula, [0019], registering and storing user identifiers, [0025], “data store 180 may be implemented as...one or more directories”, [0041], registration data includes “user identifier”). 


installing the login devices in a predetermined directory of the computer system according to a predetermined method with the application software unit (see Akula, [0019], registering and storing user identifiers, [0025], “data store 180 may be implemented as...one or more directories”, [0041], registration data includes “user identifier” and where registration of user identifier in directory represents installation of login device). 

For claim 6, the combination teaches the method of claim 2, wherein, determining one login device as the current invoked login device comprises: providing the information of the login devices traversed to the user, and determining the login device selected by the user as the current invoked login device (see Akula, [0019], “enables the user to access any protected resource from registered client systems/browser instances without requiring further authentication (based on the presence of the authenticated first session)”, [0060], “identifies whether the second client system is registered (for some user) according to the registration data” represents providing information such that user may access authenticated data ). 

For claim 7, the combination teaches the method of claim 1, wherein, before logging into the system module by using role information of the system module 

For claim 9, the combination teaches the method of claim 1, wherein, storing the access information comprises: 
storing the access information in a shared storage unit of the login device and the application software unit (see Akula, [0025], “Data store 180 represents a non-volatile (persistent) storage facilitating storage and retrieval of a collection of data by applications executing in server systems 160A-160C (and also authentication server 190)” represents shared storage of registration/access data); 
retrieving, by the login device, the stored access information and returns the access information back to an application software unit who invokes comprises: 
acquiring the access information from the shared storage unit, and returning the access information to the application software unit (see Akula, [0019], “enables the user to access any protected resource from registered client 

For claim 10, the combination teaches the method of claim 1, further comprising: 
sending, by the application software unit, a logout request to the login device; 
sending, by the login device, the role logout request to the system module according to the logout request, deleting the access information of the document management role corresponding to the user after the system module logs out the role (see Akula, [0026], “sending the requests” including log out requests to client, [0098], “the entry/row for that session is removed from session data of table 650 when the user logs off from the computer from which the global session is setup”). 

For claim 11, the combination teaches the method of claim 1, wherein, the access information is session channel information of the docbase management system (see Akula, [0037], where “session information” represents session channel information). 


a unified invocation interface, adapted for invoking the login device by an application software unit (see Fig. 3, [0032] – [0037], [0041], “Authentication server 190 authenticates each user based on authentication information received from the users”, [0056], authenticate the user at a first client system); 
an authentication module, adapted to perform user authentication according to authentication information stored in the login device when logged into by a user through the application software unit at the first time (see [0019], “authentication server may maintain a registration data”, [0030], “Authentication server 190 may accordingly maintain the user information (e.g., user identifier-password combinations) required to authenticate each user, in addition to any information related to the server systems permitted to use such authentication feature”, Fig. 3, [0032] – [0037], [0041], “Authentication server 190 authenticates each user based on authentication information received from the users”, [0056], authenticate the user at a first client system); 
a login module, adapted to log into the system module by using role information of the document management corresponding to the user after a successful authentication, and store the access information from the system module after a successful login (see Figs. 2-3, [0030] – [0037], [0056] – [0057], “creates a (SSO) session for the user after authenticating the user and allows 
an access information processing module, adapted to retrieve the stored access information when the user logs in again through another application software unit, and return the access information back to the another application software unit (see Fig. 3, [0053] – [0063], when a second client system sends in "another request to access a...same...protected application” the SSO block determines if this is the same user that has already been authenticated, and if so then send authentication information to second client system so that the second client may access requested application similar to how the first client accessed the application where created “session” provides access when user login in again to “access to the requested (in step 320) protected application”). 

Hyland teaches “establishing a login device, which has a unified invocation interface, on a client side” (see Fig. 4, [0013] - [0015], “single sign-on credentials that are managed by a client-side computer system. The method begins with the receiving of a request to access third party web services using a mobile device and redirecting the mobile device to the web-identification authentication service at the client-side computer system to authenticate the identity of the user”, [0044], [0069], “present invention seamlessly integrate client-side SSO authentication infrastructure”).  It would have been obvious to one skilled in the art at the time of the invention to modify the teachings of Akula with the teachings of Hyland to modify the system architecture to provide client-

For claim 13, Akula teaches the login device of claim 12, further comprising: a registration module, adapted to register the login device in the computer system according to a method predetermined with the application software unit (see Akula, [0019], “maintain a registration data indicating the different client systems/browser instances registered by a user for SSO feature”). 

For claim 14, Akula teaches the login device of claim 13, further comprising: 
a role information storage module, adapted to store the corresponding relation between users and role information of the system module (see [0064] 
the login module, further adapted to achieve the role information of the docbase management system corresponding to the user from the role information storage module after the authentication module performs a successful authentication (see Figs. 2 and 3, [0032] – [0037], [0041], [0056], “After the user is authenticated based on the provided information, browser 210 receives and stores locally a (user) cookie, as an indication of successful authentication of the user” so that user may access requested “user application” wherein user application represents document management system, [0064] and where policy associated with client system represents role corresponding to the user). 

For claim 15, Akula teaches the login device of claim 14, further comprising: 
a judgment module, adapted to judge whether the access information exists in the system, if the access information exists, obtain the stored access information, and return the access information to the same or other application software units (see [0019], “enables the user to access any protected resource from registered client systems/browser instances without requiring further authentication (based on the presence of the authenticated first session)”, [0060], “identifies whether the second client system is registered (for some user) according to the registration data” represents traversing registration to determine authenticated or current login device); otherwise, authenticate the user and log 

For claim 16, Akula teaches the login device of claim 12, further comprising: 
a logout module, adapted to receive a logout request from the same or other application software units, send the role logout request to the docbase management system, and delete the access information of the document management role corresponding to the user after the system module logs out the role (see Akula, [0026], “sending the requests” including log out requests to client, [0098], “the entry/row for that session is removed from session data of table 650 when the user logs off from the computer from which the global session is setup”). 


For claim 17, Akula teaches a system for logging into a docbase management system, wherein the system module is established on a server side (see Fig. 2, [0033], Applications representing docbase established on server side) and the system for logging into the docbase management system comprises: 
at least one login device and at least two application software units (see [0030], “Authentication server...authenticates users attempting to access protected resources hosted on server systems”, [0032] – [0037], [0041], [0056], where accessing “user application” among multiple applications represents application software units); 

a unified invocation interface, adapted for invoking the login device by the at least two application software units (see [0030], “Authentication server...authenticates users attempting to access protected resources hosted on server systems”, [0032] – [0037], [0041], [0056], where accessing “user application” among multiple applications represents application software units); 
an authentication module, adapted to perform user authentication according to authentication information stored in the login device when logged into by a user through an application software unit of at least two application software units at the first time (see [0019], “authentication server may maintain a registration data”, [0030], “Authentication server 190 may accordingly maintain the user information (e.g., user identifier-password combinations) required to authenticate each user, in addition to any information related to the server systems permitted to use such authentication feature”, Fig. 3, [0032] – [0037], [0041], “Authentication server 190 authenticates each user based on authentication information received from the users”, [0056], authenticate the user at a first client system); 
a login module, adapted to log into the system module by using role information of the document management corresponding to the user after a successful authentication (see Figs. 2 and 3, [0032] – [0037], [0041], [0056], “After the user is authenticated based on the provided information, browser 210 receives and stores locally a (user) cookie, as an indication of successful authentication of the user” so that user may access requested “user application” and store the access information from the system module after a successful login (see [0055] – [0060] maintaining access information of “registered” users for subsequent access to requested resources); and 
an access information processing module, adapted to retrieve the stored access information when the user logs in again through another application software unit of the at least two application software units, and return the access information back to the another application software unit (see Fig. 3, [0053] – [0063], when a second client system "different from the first client system" sends in "another request to access a...same...protected application” the SSO block determines if this is the same user that has already been authenticated, and if so then send authentication information to second client system so that the second client may access requested application similar to how the first client accessed the application, and maintaining access information of “registered” users for subsequent access to requested resources); 
wherein the application software unit comprises: 
a login device invocation interface, adapted to invoke the at least one login device via a unified invocation interface (see [0030], [0036], when accessing application invokes from user “When a user attempts to access any of the applications for the first time or upon trying to expressly logon (e.g., by clicking on a hyperlink intended for logging on) as indicated by request 215, a 
an access information acquisition module, adapted to obtain access information from the system module from the at least one login device (see [0030] – [0036], [0053] – [0063], “identifies whether the second client system is registered (for some user) according to the registration data (maintained in step 310). The registration data/list indicates the corresponding set of client systems registered by users” obtain access information if available); and 
a document management access module, adapted to access the system module by using the access information (see [0027], “server systems 160A-160C...capable of hosting resources and therefore providing access to the hosted resource to users” after authentication represents accessing system module, [0053] – [0063]). 

Hyland teaches “establishing a login device, which has a unified invocation interface, on a client side” (see Fig. 4, [0013] - [0015], “single sign-on credentials that are managed by a client-side computer system. The method begins with the receiving of a request to access third party web services using a mobile device and redirecting the mobile device to the web-identification authentication service at the client-side computer system to authenticate the identity of the user”, [0044], [0069], “present invention seamlessly integrate client-side SSO authentication infrastructure”).  It would have been obvious to one skilled in the art at the time of the invention to modify the teachings of Akula 

For claim 18, the combination teaches the system for logging into the system module of claim 17, wherein the application software unit further comprises: a login device traversing and determining module, adapted to traverse login devices registered in the computer system according to a predetermined method with the login devices, and determine one login device as the current invoked login device (see Akula, [0019], “enables the user to access any protected resource from registered client systems/browser instances without requiring further authentication (based on the presence of the authenticated first session)”, [0060], “identifies whether the second client system is registered (for some user) 

For claim 19, the combination teaches the system for logging into the system module of claim 18, wherein the application software unit further comprises: a logout request sending module, adapted to send a logout request to the at least one login device after the access is completed (see Akula, [0026], “sending the requests” including log out requests to client, [0098], “the entry/row for that session is removed from session data of table 650 when the user logs off from the computer from which the global session is setup”).




Response to Arguments

Applicant’s arguments with respect to claim(s) rejected under 35 U.S.C. 103 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.

In Akula, the “authentication server 190 authenticates each user based on authentication information received from the users” (see [0041]), and it stores separate authentication information in the login device (authentication server) in order to authenticate the information received from the user (see [0030], “Authentication server 190 may accordingly maintain the user information (e.g., user identifier-password combinations) required to authenticate each user, in addition to any information related to the server systems permitted to use such authentication feature”).  The authentication server 190 represents a login device that is a separate device from the server systems 160A-160C.  The “authentication server 190” is a login device that authenticates users for accessing resources controlled by each of the separate server systems 160A-160C.  While Akula teaches a separate login device of controlling access to resources controlled by separate server systems, Akula does not expressly disclose a system architecture where the login device expressly operates on a client-side system.  Hyland modifies the teachings of Akula with respect to an authentication/login device (authentication server 190 in Akula) established on a client side system.

		


Conclusion

The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
Koulomzin, US 9,294,479. 
Lau, US 2012/0204025.
Steele et al., US 2006/0200425. [0044] “the client-side application 105 may manage authentication and querying as separate processes”

Any inquiry concerning this communication or earlier communications from the examiner should be directed to JENSEN HU whose telephone number is (571)270-3803.  The examiner can normally be reached on Monday - Friday 9-5 PT.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Usmaan Saeed can be reached on 571-272-4046.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access 






/JENSEN HU/Primary Examiner, Art Unit 2169