DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Response to Amendment
This is a reply to the request for Continued Examination (RCE) filed on 01/12/2021 with the amendment filed on 12/09/2020, in which Claim(s) 1-20 are presented for examination. Claim(s) 1, 2, and 6-10 are amended. No claim(s) are cancelled or newly added.

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 01/12/2021 has been entered.

Response to Arguments
Claim Objection: 
Applicant’s arguments with respect to the objection of claim(s) 9 and 10 have been considered. The objection of claim(s) 9 and 10 has been withdrawn in view of the amendment to the claims.

Claim Rejections - 35 U.S.C. § 102 and 35 U.S.C. § 103:
Applicants’ arguments, see pages 7-9, filed 12/09/2020, regarding the U.S.C. 102 and 103 rejections of Claims 1-20 have been fully considered and are not persuasive.
First, Applicants argue that Angal does not teach or suggest "determining whether an application of the first computing device is presenting an authentication prompt to a user," much less "in response to receiving the user credential," as recited in claim 1.
Applicant’s interpretation of the reference has been noted; however, examiner respectfully disagrees. Angal teaches “in response to receiving the user credential, determining whether an application of the first computing device is presenting an authentication prompt to a user” ([0043], “receive log-in or authentication information from a user of the client machine 150”, [0044], “check whether the activation information received from a corresponding resource includes a (optional) token”, “if it is determined that the token is present in the activation information (e.g., mSM) and that the token is valid, the user device security manager 151 may not prompt the user with a log-in page”, “the authentication screen (e.g., web page), as illustrated in FIG. 1F”, i.e., once the credential is received, determining whether an authentication prompt needs to be presented).
Second, Applicants argue that Angal does not teach or suggest, "in response to determining that the authentication prompt is not being presented, storing the received user credential in a credential manager maintained by the first computing device," as recited in claim 1.
Applicant’s interpretation of the reference has been noted; however, examiner respectfully disagrees. Angal teaches the above limitations in [0044] and [0045].
Third, Applicants argue that Angal does not teach or suggest claim 1's newly added feature of "receiving a user credential from a credential manager maintained by a second computing device in response to a user selection by a user of the second computing device."
Applicant’s interpretation of the reference has been noted; however, examiner respectfully disagrees. Angal teaches the newly added feature, e.g. in [0036].
Besides, in response to applicant's arguments against the references individually, one cannot show nonobviousness by attacking references individually where the rejections are based on combinations of references. See In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981); In re Merck & Co., 800 F.2d 1091, 231 USPQ 375 (Fed. Cir. 1986).
Therefore, the rejection is maintained.

Applicant is encouraged to schedule an interview with the Examiner prior to the next communication to compact prosecution of the case.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed 

In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
Claims 1-3, 10-12, and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Rajeev Angal (US 2014/0020070 A1) in view of Mahaffey et al. (US 2014/0189808 A1).
Regarding Claim 1, Angal discloses
a first computing device ([0025], “client machines 150”) to perform operations comprising: 
receiving a user credential ([0044], “the activation information received from a corresponding resource includes a (optional) token (e.g., AuthN Token) associated with (e.g., registered for) the user”) in response to a user selection by a user ([0036], “The user may select the form of activation of the user device security manager 151”);  
in response to receiving the user credential, determining whether an application of the first computing device is presenting an authentication prompt to a user of the first computing device ([0010], “an application on the user device”, [0025], “client machines 150”, [0043], “receive log-in or authentication information from a user of the client machine 150”, [0044], “check whether the activation information received from a corresponding resource includes a (optional) token associated with the user”, “if it is determined… the user device security manager 151 may not prompt the user with a log-in page”, “the authentication screen (e.g., web page), as illustrated in FIG. 1F”, i.e., once the credential is received, determining whether an authentication prompt needs to be presented); and 
in response to determining that the authentication prompt is not being presented ([0044], “The (optional) token may represent that the user is authenticated on the client machine 150, and hence the user may not need to be prompted for authentication as long as the token remains valid”, “if it is determined that the token is present in the activation information (e.g., mSM) and that the token is valid, the user device security manager 151 may not prompt the user with a log-in page”), storing the received user credential in a credential manager maintained by the first computing device ([0045], “the (optional) token may be stored in the appropriate secure storage on the client machine 150”). 
Angal does not explicitly teach but Mahaffey teaches a user credential from a credential manager maintained by a second computing device ([0095], “credentials and encryption keys are stored on the authenticating server”); a user of the second computing device ([0041], “a server can be utilized by a user”).
Angal and Mahaffey are analogous art as they are in the same field of endeavor of information security. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Mahaffey with the disclosure of Angal such that, when there is no authentication prompt on the first device, the first device stores the user credentials (as disclosed by Angal) received from a credential manager on the second device (as taught by Mahaffey). The 

Regarding Claim 2, the combined teaching of Angal and Mahaffey teaches in response to determining that an authentication prompt is being presented to the user of the first computing device (Angal, [0025], “client machines 150”), populating one or more fields of the presented authentication prompt with the user credential (Mahaffey, [0112], “prompts the user to login”, “It receives the credentials back from the servers…and automatically fills in the username/password”).  

Regarding Claim 3, the combined teaching of Angal and Mahaffey teaches receiving, from the second computing device, a request to convey the user credential to the first computing device (Angal, [0098], “a first request issued from an application to access remote resources associated with a web service”, [0099], “security information of the application may be acquired”); and 
establishing a secure wireless connection with the second computing device to receive the user credential (Mahaffey, [0057], “a wireless connection”, [0066], “create a secure connection”).  

Regarding Claim 10, Angal discloses
receiving a request from the user to send one of the plurality of user credentials to a second computing device ([0025], “client machines 150”, [0098], “a and 
in response to the request, sending the user credential to the second computing device ([0025], “client machines 150”, [0044], “the activation information received from a corresponding resource includes a (optional) token (e.g., AuthN Token) associated with (e.g., registered for) the user”), wherein the second computing device is configured to: 
determine whether an application of the second computing device is presenting an authentication prompt to a user ([0010], “an application on the user device”, [0025], “client machines 150”, [0044], “check whether the activation information received from a corresponding resource includes a (optional) token (e.g., AuthN Token) associated with (e.g., registered for) the user”, “if it is determined… the user device security manager 151 may not prompt the user with a log-in page”); and 
in response to determining that the authentication prompt is not being presented ([0044], “The (optional) token may represent that the user is authenticated on the client machine 150, and hence the user may not need to be prompted for authentication as long as the token remains valid”, “if it is determined that the token is present in the activation information (e.g., mSM) and that the token is valid, the user device security manager 151 may not prompt the user with a log-in page”), store the user credential in a credential manager maintained by the second computing device ([0045], “the (optional) token may be stored in the appropriate secure storage on the client machine 150”).  
a first computing device maintaining a credential manager that stores a plurality of user authentication credentials for authenticating a user ([0095], “credentials and encryption keys are stored on the authenticating server”).
Angal and Mahaffey are analogous art as they are in the same field of endeavor of information security. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Mahaffey with the disclosure of Angal such that, when there is no authentication prompt on the first device, the first device stores the user credentials (as disclosed by Angal) received from a credential manager on the second device (as taught by Mahaffey). The motivation/suggestion would have been for a consolidated multi-factor user authentication and log-in system for applications using an authenticating client device (Mahaffey, [0001]).

Regarding Claim 11, the combined teaching of Angal and Mahaffey teaches in response to determining that an authentication prompt is being presented, populate one or more fields of the presented authentication prompt with the user credential (Mahaffey, [0112], “prompts the user to login”, “It receives the credentials back from the servers…and automatically fills in the username/password”).  

Regarding Claim 12, the combined teaching of Angal and Mahaffey teaches the first computing device sending, to the second computing device, a request to send the user credential to the second computing device (Angal, [0098], “a first and 
the first computing device establishing a secure wireless connection with the second computing device to receive the user credential (Mahaffey, [0057], “a wireless connection”, [0066], “create a secure connection”).  

Regarding Claim 19, Angal discloses
a first computing device ([0025], “client machines 150”);
receiving a user credential ([0044], “the activation information received from a corresponding resource includes a (optional) token (e.g., AuthN Token) associated with (e.g., registered for) the user”); 
determining whether an application of the first computing device is presenting an authentication prompt to a user ([0010], “an application on the user device”, [0025], “client machines 150”, [0044], “check whether the activation information received from a corresponding resource includes a (optional) token (e.g., AuthN Token) associated with (e.g., registered for) the user”, “if it is determined… the user device security manager 151 may not prompt the user with a log-in page”); and    
in response to determining that the authentication prompt is not being presented ([0044], “The (optional) token may represent that the user is authenticated on the client machine 150, and hence the user may not need to be prompted for authentication as long as the token remains valid”, “if it is determined that the token is present in the activation information (e.g., mSM) and that the token is valid, the user device security manager 151 may not prompt the user with a log-in page”), providing the user credential to a credential manager of the first computing device for storage ([0045], “the (optional) token may be stored in the appropriate secure storage on the client machine 150”).  
Angal does not explicitly teach but Mahaffey teaches 
a wireless interface ([0046], “a mobile interface”, [0057], “a wireless connection”);
a user credential from a credential manager maintained by a second computing device ([0095], “credentials and encryption keys are stored on the authenticating server”);
in response to determining that the authentication prompt is being presented, providing the user credential to authenticate the user in response to the authentication prompt ([0112], “prompts the user to login”, “It receives the credentials back from the servers…and automatically fills in the username/password”). 
Angal and Mahaffey are analogous art as they are in the same field of endeavor of information security. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Mahaffey with the disclosure of Angal such that, when there is no authentication prompt on the first device, the first device stores the user credentials (as disclosed by Angal) received via the wireless interface from the second device, and provides the user credential to authenticate the user in response to the authentication prompt (as taught by Mahaffey). The motivation/suggestion would have been for a consolidated multi-factor user authentication and log-in system for applications using an authenticating client device (Mahaffey, [0001]).

Claims 4, 13 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Rajeev Angal (US 2014/0020070 A1) in view of Mahaffey et al. (US 2014/0189808 A1) further in view of Azim et al. (US 2015/0278504 A1).
Regarding Claims 4 and 13, the combined teaching of Angal and Mahaffey does not explicitly teach but Azim teaches wherein the secure wireless connection is an ad-hoc wireless connection (Azim, [0024], “network 250 may include… an ad hoc network”).  
Angal, Mahaffey and Azim are analogous art as they are in the same field of endeavor of information security. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Azim with the combined teaching of Angal and Mahaffey. The motivation/suggestion would have been to provide a secure wireless connection when necessary or needed.

Regarding Claim 20, the combined teaching of Angal and Mahaffey teaches receiving, from the second computing device, a request to convey the user credential to the first computing device (Angal, [0098], “a first request issued from an application to access remote resources associated with a web service”, [0099], “security information of the application may be acquired”); and 
establishing a secure wireless connection with the second computing device to receive the user credential (Mahaffey, [0057], “a wireless connection”, [0066], “create a secure connection”).  
wherein the secure wireless connection is an ad-hoc wireless connection (Azim, [0024], “network 250 may include… an ad hoc network”).  
Angal, Mahaffey and Azim are analogous art as they are in the same field of endeavor of information security. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Azim with the combined teaching of Angal and Mahaffey. The motivation/suggestion would have been to provide a secure wireless connection when necessary or needed.

Claims 5 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over Rajeev Angal (US 2014/0020070 A1) in view of Mahaffey et al. (US 2014/0189808 A1) further in view of Hutchinson et al. (US 2018/0176223 A1).
Regarding Claims 5 and 14, the combined teaching of Angal and Mahaffey does not explicitly teach sending a public key of the first computing device to the second computing device; and establishing a shared key with the second computing device based on a public key received from the second computing device and a private key corresponding to the sent public key; and wherein the received user credential is encrypted by the public key of the first computing device and encrypted by the shared key.  
Hutchinson teaches 
sending a public key of the first computing device to the second computing device; and establishing a shared key with the second computing device based on a public key received from the second computing device and a private key corresponding to the sent public key; and wherein the received user credential is encrypted by the public key of the first computing device and encrypted by the shared key (Figs 2 & 3, [0027], “requesting the user to enter an authenticator, encrypting the received authenticator using the secret key of the access device, encrypting the obtained single access encrypted authenticator using the public key of the personal device and storing the obtained double personal +access encrypted authenticator”).  
Angal, Mahaffey, and Hutchinson are analogous art as they are in the same field of endeavor of information security. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Hutchinson with the combined teaching of Angal and Mahaffey. The motivation/suggestion would have been to provide a simple and secure solution enabling to use diverse authentication delegation on personal devices (Hutchinson, [0008]).

Claims 6-7, 15, and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Rajeev Angal (US 2014/0020070 A1) in view of Mahaffey et al. (US 2014/0189808 A1) further in view of Raffa et al. (US 2014/0176436 A1).
Regarding Claims 6 and 16, the combined teaching of Angal and Mahaffey does not explicitly teach sending, to the second computing device, contact information about the user of the first computing device, wherein the second computing device is configured to determine whether to establish the secure wireless connection based on a comparison of the contact information with contact information maintained by the second computing device.
Raffa teaches sending, to the second computing device, contact information about the user of the first computing device, wherein the second computing device is configured to determine whether to establish the secure wireless connection based on a comparison of the contact information with contact information maintained by the second computing device ([0059], “to compare the video data (as contact information maintained by the second computing device) and the sensor data (as contact information about a user of the first computing device) …and to establish a secure wireless connection between the computing device 220 and the computing device 120”).
Angal, Mahaffey, and Raffa are analogous art as they are in the same field of endeavor of information security. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Raffa with the combined teaching of Angal and Mahaffey. The motivation/suggestion would have been to significantly increase the reliability and simplicity of establishing secure wireless connections between devices (Raffa, [0011]).

Regarding Claims 7 and 15, the combined teaching of Angal and Mahaffey does not explicitly teach receiving, from the second computing device, contact information about the user of the second computing device; and determining whether to establish the secure wireless connection based on a comparison of the contact information with contact information maintained by the first computing device.
Raffa teaches receiving, from the second computing device, contact information about a user of the second computing device; and determining whether to establish the secure wireless connection based on a comparison of the contact information with contact information maintained by the first computing device ([0059], “to compare the video data (as contact information maintained by the first computing device) and the sensor data (as contact information about a user of the second computing device) …and to establish a secure wireless connection between the computing device 220 and the computing device 120”).
Angal, Mahaffey, and Raffa are analogous art as they are in the same field of endeavor of information security. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Raffa with the combined teaching of Angal and Mahaffey. The motivation/suggestion would have been to significantly increase the reliability and simplicity of establishing secure wireless connections between devices (Raffa, [0011]).

Claims 8-9, 17, and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Rajeev Angal (US 2014/0020070 A1) in view of Mahaffey et al. (US 2014/0189808 A1) further in view of Barbosa et al. (US 2018/0083959 A1).
Regarding Claims 8 and 18, the combined teaching of Angal and Mahaffey does not explicitly teach but Barbosa teaches receiving, from the second computing device, metadata about the user credential; and using the metadata to determine whether the user credential is relevant to an authentication prompt presented to the user of the first computing device (Barbosa, [0006], “sending a request for a one-time token from a login page to a communication server, establishing a secure channel between the login page and the communication server, sending a one-time token from the communication server to the login page, broadcasting the one-time token (as the metadata) from the login page to a mobile device having a password manager and an associated database with predetermined user credentials, using a first predetermined strategy with the mobile device to read the one-time token, transmitting the one-time token from the password manager of the mobile device to the communication server, verifying the one-time token with the communication server and sending the verified one-time token to the login page, forwarding a request for credentials to the communication server if the verified one-time token matches the one-time token initially provided by the communication server, sending the request for credentials from the communication server to the password manager of the mobile device”).
Angal, Mahaffey and Barbosa are analogous art as they are in the same field of endeavor of information security. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Barbosa with the combined teaching of Angal and Mahaffey. The motivation/suggestion would have been to greatly reduce the number of barriers that a user with a disability encounters when trying to use password-based authentication (Barbosa, Abstract).

Regarding Claims 9 and 17, the combined teaching of Angal and Mahaffey does not explicitly teach but Barbosa teaches sending metadata about the authentication prompt to the second computing device, wherein the metadata is used by the second computing device to determine whether the credential manager includes a user credential relevant to an authentication prompt (Barbosa, [0006], “sending a request for a one-time token from a login page to a communication server, establishing a secure channel between the login page and the communication server, sending a one-time token from the communication server to the login page, broadcasting the one-time token (as the metadata) from the login page to a mobile device having a password manager and an associated database with predetermined user credentials, using a first predetermined strategy with the mobile device to read the one-time token, transmitting the one-time token from the password manager of the mobile device to the communication server, verifying the one-time token with the communication server and sending the verified one-time token to the login page, forwarding a request for credentials to the communication server if the verified one-time token matches the one-time token initially provided by the communication server, sending the request for credentials from the communication server to the password manager of the mobile device”).
Angal, Mahaffey and Barbosa are analogous art as they are in the same field of endeavor of information security. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Barbosa with the combined teaching of Angal and Mahaffey. The motivation/suggestion would have been to greatly reduce the number of barriers that a 

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHENG-FENG HUANG whose telephone number is (571)272-6186.  The examiner can normally be reached on Monday-Friday: 9 am - 5 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni A Shiferaw can be reached on (571) 272-3867.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 






/CHENG-FENG HUANG/Examiner, Art Unit 2497