Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This office action is responsive to communications filed 1/31/21   Claims 1-20 were pending in the previous action.  No claims were cancelled and no new claims were added.  Claims 1, 12 and 20 were amended.  Accordingly, Claims 1-20 have been examined and are pending.

Terminal Disclaimer
The terminal disclaimer filed on 1/31/21 disclaiming the terminal portion of any patent granted on this application which would extend beyond the expiration date of US Patent 10785222 has been reviewed and is accepted.  The terminal disclaimer has been recorded.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-20  are rejected under 35 U.S.C. 103 as being unpatentable over Mahaffey et al (US 2014/0189808 A1) in view of Lander et al US 2018/0097802 A1) further in view of Hitchcock et al (US 2016/0164863 A1) 
Regarding Claim 1, Mahaffey teaches a method, comprising:
Mahaffey: [0044] browser “plug-in”; [0113] ref FIG 5 – “installed browser extension”) to access a data network  (FIG 1 – Request 120, [0093] FIG 3A Request 301; [0102] ref FIG 4C);
initiating another request from the extension to a server to retrieve authentication data to access the data network (Mahaffey  [0047]; [0050]; [0113] ref FIG. 5 “An installed browser extension sends an authentication request to the authentication server”) 
transferring from the server to the extension the authentication data […] (Mahaffey : [0083] “the server can provide a token that the client stores and provides to the server in subsequent interactions”.) ;
transmitting the further request to the data network from the browser, the request comprising the authentication data from the server without manual input of the  authentication data;  (Mahaffey :  [0113] FIG 5; [0136]) 
storing one or more portions of data transferred between the data network and the browser (Mahaffey:  [0076]; [0092] ref FIG 2B; [0102] ref FIG 4C server uses stored credentials.)  the one or more portions of data being evaluated by the server (Mahaffey : [0063] (5) “… evaluating client-supplied information”; [0076]) 
Mahaffey does not explicitly teach: 
(i) transferring from the server to the extension the authentication data and an instruction to the extension to generate a further request  ;
Lander teaches:
(i) transferring from the server to the extension the authentication data and an instruction to the extension to generate a further request  (Lander:  [0165]-[0169] ref FIG 10) 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Lander re: instructions for further requests with those of Mahaffey re: response including redirection (Mahaffey : [0132]  The server sends a response to the client, which may contain … a URL to redirect browser to (e.g. that includes a token) form data to post to a given URL) since Lander makes explicit that which is suggested by Mahaffey in this regard. 
Mahaffey and Lander do not explicitly teach: 
the request being detected by a credential management platform disposed between the browser and the data network, the credential management platform being configured to track data disposed in a data path between the browser and the data network and used to transmit authentication data from the credential management platform to the data network;
Hitchcock teaches: 
the request being detected by a credential management platform disposed between the browser Hitchcock: FIG 1 -  [browser 117]) and the data network  (Hitchcock: FIG 1 - [network site(s) 140]) (Hitchcock: [0047] ref FIG 1 “… the proxy server application 124 may be configured to download only a specific portion of the server account data 166 for a given user, to be stored in the proxy account data 130 The specific portion may be determined in response to a request to access a network site 140 obtained from the client 102),   the credential management platform being Hitchcock: [0014] “… an authentication management proxy server presents security credentials to network sites … according to a domain name of the network site using domain name matching or other groupings. [0023] ref FIG 1, The proxy account data 130 may include … security credentials used to access various network sites or network pages; [0098] ref FIG  3 “… proxy server application 124 authenticates to the authentication service 137 of the network site 140 using the security credentials of the pre-existing account in box 318. Subsequently, the secured resources of the network site 140 may be accessed”
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Hitchcock re: authentication using proxy account data for network site access with those of Mahaffey re:  requesting network resources including authentication data from the browser (Mahaffey :  [0113] FIG 5; [0136]) since by doing so “authentication may happen automatically without user intervention” ( Hitchcock:[0098] ) 
Claims 12 and 20 do not teach or define any new limitations above Claim 1.  Therefore similar reasons for rejection apply.


Lander FIG 10 


    PNG
    media_image1.png
    393
    687
    media_image1.png
    Greyscale


Regarding Claim 2 Mahaffey teaches the medhod of claim 1 including storing the authentication data before the detecting the request (Mahaffey:  [0076]; [0092] ref FIG 2B) the authentication data being retrieved by another browser from the data network in response to a prior request (Mahaffey: [0093]- [0094] ref FIG 3A – authorizing client 324; [0136]  “client sets cookies based on a previous session”) 
Regarding Claim 3 Mahaffey teaches the method of claim 2, wherein the another browser is the browser. (Mahaffey
Regarding Claim 4  Mahaffey  teaches The method of claim 1, wherein the authentication data comprises a session cookie generated by the data network  and transmitted to the server over HTTP (Mahaffey : [0044];  [0136]) and configured to be stored at a location automatically determined by the server.(Mahaffey :  [0102] ref FIG 4C server uses stored credentials) 
Regarding Claim 5, Mahaffey teaches the method of claim 1,  wherein the request is a GET request (Mahaffey : [0136])
Claim 18 does not teach or define any new limitations above claim 5.  Therefore similar reasons for rejection apply
Regarding Claim 6, Mahaffey teaches the method of claim 1including authentication using stored data (Mahaffey:  [0102] ref FIG 4C server uses stored credentials.)
Lander teaches: 
wherein the further request is a POST call configured to provide authentication data to the data network, the data network providing data access to the extension and the browser upon accepting the authentication data. (Lander teaches: [0176]; [0206]) 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Lander re: posting of authentication data with those of Mahaffey re: the server providing authentication information  (Mahaffey:  [0102] ref FIG 4C server uses stored credentials.) since Lander makes explicit a mechanism for providing this functionality.
Regarding Claim 7 Mahaffey teaches the method of claim 1 further comprising evaluating a copy of the data transferred between the data network and the browser, Mahaffey : [0063] (5) “… evaluating client-supplied information”; [0076]) 
Regarding Claim 8,  Mahaffey teaches the method of claim 1 further comprising evaluating a copy of the data transferred between the data network and the browser after the data has been stored by the server. (Mahaffey : [0063] (5) “… evaluating client-supplied information”; [0076]; [0137]; [0139])
Regarding Claim 9, Mahaffey teaches the method of claim 1 further comprising evaluating a copy of the data transferred between the data network and the browser after the data has been stored by the server, to generate an assessment based on the evaluating the copy. (Mahaffey : [0063] (5) “… evaluating client-supplied information”; [0076]; [0137]; [0139])
Regarding Claim 10 Mahaffey teaches the method of claim 1 wherein the storing the one or more portions of data transferred between the data network and the browser comprises evaluating one or more attributes associated with the data (Mahaffey : [0063] (5) “… evaluating client-supplied information”; [0076]; [0137]; [0139])
Regarding Claim 11 Mahaffey teaches the method of claim 1 wherein the storing the one or more portions of data transferred between the data network and the browser comprises evaluating one or more attributes associated with the data (Mahaffey : [0063] (5) “… evaluating client-supplied information”; [0076]; [0137]; [0139])
Regarding Claim 13 Mahaffey teaches the system of claim 12, wherein the extension is configured to be in data communication with the server. . (Mahaffey
Regarding Claim 14 Mahaffey teaches the system of claim 12wherein the extension is configured to transfer the data with the data network and the server substantially simultaneously. (Mahaffey :[0050]; [0106] ) 
Regarding Claim 15 Mahaffey teaches the system of claim 12 including session cookies (Mahaffey : [0044];  [0136])
Lander teaches:
wherein the extension is configured to track (Lander: [0158]; [0180]  ref FIG 11)  in a native application the data transferred between the browser and the data network (Lander: [0073] ref FIG 6; [0159]-[0160] ref FIG 10; [0172] ref FIG 11)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Lander re: tracking data in a native application using session cookies with those of Mahaffey re: session cookies (Mahaffey : [0044];  [0136])  in order to provide a user with continuation of transactions/sessions across different devices (Lander : [0020]) 
Regarding Claim 16 Mahaffey teaches the system of claim 12, wherein the server is configured to store the authentication data, the authentication data comprising login data. (Mahaffey: [0061],[0063]; [0080] FIG. 2A) 
Regarding Claim 17 Mahaffey teaches the system of claim 12, wherein the server is configured to transmit a signal to the extension, the signal comprising the instruction (Mahaffey: [0092] ref FIGs 1, 2B “The signals processed within the system include the request for the credentials … the returned credentials or other data object in either encrypted or decrypted format, an encryption key, and any other appropriate signal for the data objects and transactions within the system”)

Response to Arguments
Applicant’s arguments with respect to claim rejections under 35 U.S.C. §103 have been considered but are moot based on the grounds of rejection herein.  In particular, it is noted that the features upon which applicant relies are newly added limitations which were not recited in the claims as previously presented (i.e. “the request being detected by a credential management platform disposed between the browser and the data network, the credential management platform being configured to track data disposed in a data path between the browser and the data network and used to transmit authentication data from the credential management platform to the data” network;” Claims 1, 12, 20) 

Citation of Pertinent Prior Art
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
Brinskelle (US 2019/0354709 A1) ([0035]; [0149]; [0422]; [03206] ref FIG 5; [0427] ; [0647] ref FIGs 12, 13; FIGs 4A, 7) 
Marchovecchio et al (US 2019/0057204 A)  (Abstract; [0031]; [0051]; [0065]  FIG 1);
Mohomad Abdul et al (US 2020/0007530 A1)  ([0078]-[0079]; [0085]; [0093]; [0118]-[0120] ref FIG 7; [0168]; [0175]-0176]; FIGs 10, 11) 
Foster et al (US 2004/0073666 A1)  ([0026]-[0028] ref FIG 4; [0037]; [0041]; [0043]-[0044] ref FIG 6D) 
Grajek et al (US 2015/0244706 A1)  ([0030]-[0031]; [0059]; [0107]; FIG 5) 
Haugsnes  (US 2015/0334102 A1) ([0018]-[0019]; [0046] FIG. 3 illustrates a process that may be implemented by the frontend framework. With reference to 
Levergood et al (US 2008/0201344 A1)  ([0030]; [0036]; [0051]; FIG 2B) 
Foster et al (US 2004/0073666 A1)  ([0026]-[0028]; [0037]; [0041]-[0044])




Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to ROBERT A SHAW whose telephone number is (571)270-5643.  The examiner can normally be reached on Monday-Friday 11am-5pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/ROBERT A SHAW/Examiner, Art Unit 2455 

/EMMANUEL L MOISE/Supervisory Patent Examiner, Art Unit 2455