DETAILED ACTION

Terminal Disclaimer
		The terminal disclaimer(s) filed on 16 October 2020 disclaiming the terminal portion of any patent granted on this application which would extend beyond the expiration dates of the full statutory term of the patent(s) granted on U.S. patent(s) 9,979,717 has been reviewed and is accepted.  The terminal disclaimer has been recorded.

Examiner’s Amendment
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.

	Authorization for this Examiner’s Amendment was given in a telephone interview with Felipe Hernandez  (Reg. No. 61,971) on 16 October 2020.
This application has been amended as follows:
IN THE CLAIMS
Replace the following claims listed as follows.

Claim 1:
A system to manage user credentials, comprising:
one or more hardware processors;
memory including instructions that, when executed, cause one or more hardware processors to:
provide, by a non-rendered application, new credentials to a website to perform credential resetting for the website; 
establish, by the non-rendered application, an authenticated session for a user with the website by logging into the website based on the new credentials; and
pass session configuration data corresponding to the established authenticated session from the non-rendered application to a rendering application, the session configuration data to allow the rendering application to continue the established authenticated session to access the website based on the established authenticated session.

Claim 2:
The system as defined claim 1, wherein the instructions are to further cause the one or more hardware processors to provide the new credentials to the website based on a script detecting a prompt from the website for at least one of a user name or a password, the script executed by the rendering application.


Claim 6:
The system as defined claim 1, wherein the session configuration data includes a session cookie to allow the rendering application to continue accessing the website during the authenticated session.


Claim 8:
A storage device or storage disk comprising instructions to manage user credentials, the instructions, when executed, to cause one or more hardware processors to at least:
provide, by a non-rendered application, new credentials to a website to perform credential resetting for the website; 
establish, by the non-rendered application, an authenticated session for a user with the website by logging into the website based on the new credentials; and
pass session configuration data corresponding to the established authenticated session from the non-rendered application to a rendering application, the session configuration data to allow the rendering application to continue the established authenticated session to access the website based on the established authenticated session.

Claim 9:
The storage device or storage disk as defined in claim 8, wherein the instructions are to further cause the one or more hardware processors to provide the new credentials to the website based on a script detecting a prompt from the website for at least one of a user name or a password, the script executed by the rendering application.

Claim 13:
The storage device or storage disk as defined in claim 8, wherein the session configuration data includes a session cookie to allow the rendering application to continue accessing the website during the authenticated session.

Claim 15:
A method of managing user credentials, comprising:
decrypting encrypted current credentials for a website to generate decrypted current credentials; 
providing the decrypted current credentials and new credentials to a non-rendered application;
providing, by executing an instruction with one or more hardware processors, the new credentials from the non-rendered application to the website to perform credential resetting for the website; 
establishing, by executing an instruction with the one or more hardware processors, an authenticated session for a user with the website by logging into the website based on the new credentials; and
passing session configuration data corresponding to the established authenticated session from the non-rendered application to a rendering application by executing an instruction with the one or more hardware processors, the session configuration data to allow the rendering application to continue the established authenticated session to access the website based on the established authenticated session.

Claim 16:
The method as defined in claim 15, further including providing the new credentials to the website based on a script detecting a prompt from the website for at least one of a user name or a password, the script executed by the rendering application.

Claim 20:
The method as defined in claim 15, wherein the session configuration data includes a session cookie to allow the rendering application to continue accessing the website during the authenticated session.


Allow Subject Matter

Claims 1 – 21 are allowed.
The following is an examiner’s statement of reasons for allowance:
The above mentioned claims are allowable over prior arts because the CPA (Cited Prior Art) of record fails to teach or render obvious the claimed limitations in combination with the specific added limitations recited in each of the independent claims 1, 8 & 15 (& associated dependent claims).
The present invention is directed to a method for managing user credentials. In view of the closest prior arts such as U.S. Patent 9,374,369 (by Mahaffey et al.), which (a) provides a user login session of a desktop web site browser can be managed using a headless browser (i.e. a non-rendered application) for a server / client system (incl. selecting an authorizing client (e.g. a user mobile device) and a background context module (managing a background page as a browser extension), to request the credential(s) from the server by sending an authentication request and then login to a target web site (using the obtained credential(s)) w/o entering the user credential(s) from the browser application (Fig.5 & Col. 27 Line 19 – 36 & Col. 25 Line 40 – 45)) and authenticated by an authentication server for its validity to establish a communication session with the target web site accordingly and (b) provides a desktop (web) browser that constitutes a rendering application and the user credential(s) is released to the desktop (web) browser (i.e. the rendering application) to enable the user to login to a target web site w/o entering the user credential(s) from the browser application (Figure 5 / E-502 / E-514 / E-516 and Col. 27 Line 17 – 36).
As such, no singular art disclosing nor motivation to combine has been found to anticipate or render obvious the claimed invention in such particular details of doing so in the context of recited limitations such as providing, by a non-rendered application, new credentials to a website to perform credential resetting for the website; establishing, by the non-rendered application, an authenticated session for a user with the website by logging into the website based on the new credentials; and passing session configuration data corresponding to the established authenticated session from the non-rendered application to a rendering application, the session configuration data to allow the rendering application to continue the established authenticated session to access the website based on the established authenticated session.
Besides, considering the double patenting, the additional claim element(s) of the instant applivation such as passing session configuration data corresponding to the established authenticated session from the non-rendered application to a rendering application can not distinct from the claim element(s) such as generating a session configuration data about the established authenticated session by the non-rendered application and sending the session configuration data to a rendering application.  


Any inquiry concerning this communication or earlier communications from the examiner should be directed to LONGBIT CHAI whose telephone number is (571)272-3788.  The examiner can normally be reached on Monday - Friday 9:00am-5:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn D. Feild can be reached on 571-272-2092.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.





Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

           /LONGBIT CHAI/Primary Examiner, Art Unit 2431                                                                                                                                                                                                                 (No. #2256 - 2021)