DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
1. The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Arguments
2. Applicant’s arguments filed on 12/01/2020 with respect to independent claims 1 and 10 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.

                                                          Claim Objections
3.    Claim 1 is objected to because of the following informalities:
For claim 1, the claim recite “receiving, at the first server, a request to log into a second account associated with a second server from the terminal device, wherein the request is generated by a built-in browser of when the first account is logged into via the app”;
Examiner believes that this is a typo error, the claim should be: “receiving, at the first server, a request to log into a second account associated with a second server from the terminal device, wherein the request is generated by a built-in browser of the app, when the first account is logged into via the app”. (For examining purposes it will be treated this way). If this is not the case it is asked of the applicant to clarify this and correct any 35 USC 112 problems that may arise.

Appropriate correction is required.


Claim Rejections - 35 USC § 102
4. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


5. Claims 1, 6, 8, 10, 15 and 17 are rejected under 35 U.S.C. 102(a) (1) as being anticipated by Taveau (US Pub.No.2013/0174244).

6. Regarding claims 1 and 10 Taveau teaches a method for facilitating account login, wherein the method is implemented by a first server that is associated with a first account and an app installed on a terminal device, the method comprising: 
receiving, at the first server [element.130 in fig.1], a request to log into a second account associated with a second server [element.120 in fig.1] from the terminal device [element.104 in 
 wherein the request includes a first identifier [element.203 in fig.2] associated with the first account and a second identifier [elemnt.202 in fig.2] associated with the second server (Para: 0012-0013 teaches a user and a device will be strongly authenticated at an initial login, e.g., using biometric technology. As a result of the strong authentication, a temporary master token will be generated that other applications can leverage by the use of sub-tokens to provide log in security to the app without the app requiring its own login from the user. Thus, the user will be allowed to log in to a device in such a way that a number of apps become accessible on the device without the user having to repeatedly log in to each different app as the user launches multiple apps i.e., providing a master token with a quality score and providing sub-tokens for one or more apps (e.g., each app has its own sub-token) that can use the sub-token and the score quality to evaluate the level of security provided by the initial login, allowing the app to securely shorten or skip its own login process. 
Figs.1-2 and Para: 0030 teaches each sub-token will be created for a particular app on device 104 and may be used only by the app for which the sub-token has been created. For example, sub-token 203 belongs to commercial entity app 234, running on device 104 and which may be used to interact with commercial entity 130 by communicating with purchase app 134. Similarly, sub-token 202 belongs to financial service provider app 224, and so forth as seen in fig. 2. Each sub-token will be created for its particular app by a service provider app (e.g., app 112 or app 114) which may be running on device 104 and which will be the same app which generates the 
Fig.3 and Para: 0037-0038 teaches when the user launches apps (e.g., any of apps 224, 234, 244, 254), the user may be not asked to enter credentials (e.g., phone number and PIN or email and password) as the user has already been verified if the quality score from the master token 201 is in line with the policy developed and accepted by the service provider SP. The app may jump over the login process and go directly to validating a transaction. The transaction may be a purchase, in the case, for example of shopping at merchant entity, e.g., using commercial entity app 234. Moreover, if a shopping checkout process using the service provider 120 comes from another application (e.g., social networking app 254) that has also been validated with a sub-token, the user may just click to pay using the service provider 120 and, to verify the amount, click for confirmation);

generating, at the first server, account information to be transmitted to the second server based on the first identifier; transmitting, from the first server, the account information to the second server based on the second identifier  (Para:0022 teaches account information 128 will include identity information of user 102 and merchants 130, such as one or more full names, business names, street addresses, email addresses and phone numbers, website addresses, or other types of financial information, which may be used to facilitate online transactions between user 102 and merchants 130. Account information 128 or identity app 124 may also include device identifiers (e.g., unique device identifier present on the device, as described above, such as IMEI number) for user devices such as mobile device 104. Thus, identity app 124 may be 
Fig.3, Para: 0030, Para: 0037-0038 teaches validating the amount, which is the account information herein. Wherein the account information is sent from merchant server 234 to financial service provider server 224 to complete the financial transaction via sub tokens 203 and 202 [which are the first and second identifier]); and

wherein the transmission of the account information enables the second server to determine the second account based on an association between the first account and the second account (Para:0022 teaches account information 128 will include identity information of user 102 and merchants 130, such as one or more full names, business names, street addresses, email addresses and phone numbers, website addresses, or other types of financial information, which may be used to facilitate online transactions between user 102 and merchants 130. Thus, identity app 124 may be configured to interact with a merchant server 132, a user 102, mobile device 104, or other payee to process, obtain, and store information for allowing quick payments);

wherein the transmission of the account information enables the second account to be automatically logged into the second server (Fig.2 and Para: 0030 teaches each sub-token will be created for a particular app on device 104 and may be used only by the app for which the sub-token has been created. For example, sub-token 203 belongs to commercial entity app 234, running on device 104 and which may be used to interact with commercial entity 130 by communicating with purchase app 134. Similarly, sub-token 202 belongs to financial service provider app 224, and so forth as seen in FIG. 2. Each sub-token may be created for its particular app by a service provider app (e.g., app 112 or app 114) which may be running on device 104 and which may be the same app which generates the master token 201. 
Para: 0037-0038 teaches when the user launches apps (e.g., any of apps 224, 234, 244, 254), the user may be not asked to enter credentials (e.g., phone number and PIN or email and password) as the user has already been verified if the quality score from the master token 201 is in line with the policy developed and accepted by the service provider SP. The app may jump over the login process and go directly to validating a transaction. The transaction may be a purchase, in the case, for example of shopping at merchant entity, e.g., using commercial entity app 234. Moreover, if a shopping checkout process using the service provider 120 comes from another application (e.g., social networking app 254) that has also been validated with a sub-token, the user may just click to pay using the service provider 120 and, to verify the amount, click for confirmation).  

7.    Regarding claims 6 and 15 Taveau teaches the method and system, wherein the account information transmitted to the second server includes the first identifier; wherein the transmission of the first identifier enables the second server to determine the second account based on a first association between the first identifier and the second account 
(Para:0022 teaches account information 128 will include identity information of user 102 and merchants 130, such as one or more full names, business names, street addresses, email addresses and phone numbers, website addresses, or other types of financial information, which may be used to facilitate online transactions between user 102 and merchants 130. Account information 128 or identity app 124 may also include device identifiers (e.g., unique device identifier present on the device, as described above, such as IMEI number) for user 

8. Regarding claims 7 and 16 Taveau teaches the method and system, wherein the first association is associated with a fourth identifier; wherein the fourth identifier is associated with an app installed on the terminal device (Para: 0014-0015 teaches the fourth identifier associated with the app is the device identifiers (e.g., unique device identifier present on the device, such as IMEI number) for user devices such as mobile device 104).

9.    Regarding claims 8 and 17 Taveau teaches the method and system, wherein the transmission of the first identifier causes the second server to create the second account based on a determination that the first association does not exist when the first identifier is transmitted (Para: 0018 teaches creating an account using the sub token and making a payment to the merchant 130 via service provider 120, wherein the account is created when no association is present. Fig.3, Para: 0030, Para: 0037-0038 teaches when the user launches apps (e.g., any of apps 224, 234, 244, 254), the user may be not asked to enter credentials (e.g., phone number and PIN or email and password) as the user has already been verified if the quality score from the master token 201 is in line with the policy developed and accepted by the service provider SP. The app may jump over the login process and go directly to validating a transaction. The transaction may be a purchase, in the case, for example of shopping at .

Claim Rejections - 35 USC § 103
10. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

11.Claims 3, 4, 12 and 13 are rejected under 35 U.S.C. 103 as being unpatentable over Taveau (US Pub.2013/0174244) as applied to claims 1 and 10 above and further in view of Shukla (US Pub.No.2015/0149766).

12. Regarding claims 3 and 12 Taveau teaches the method and system, further comprising authenticating the second server before transmitting the first identifier to the second server, wherein the authenticating of second server comprises: generating a token and transmitting the token to the second server (Figs.1-2 and Para: 0012-0013, Para: 0030 teaches generating a master token based on identity information of user; and creating sub-tokens from the master token for each apps on the device. Para: 0021 teaches consumers (e.g., user 102) can access apps for making transactions (e.g., payments) with a merchant 130 through a 

Taveau teaches all the above claimed limitations, but does not expressly teach receiving a signature associated with the token from the second server; and determining the validity of the signature; and wherein the second server is authenticated if the signature is determined to be valid.

Shukla teaches receiving a signature associated with the token from the second server; and determining the validity of the signature  (Para: 0021 and Para: 0023 teaches the system will receive the authentication token from a second application server associated with a second mobile application installed on the electronic device. The authentication token received from the second application server may be signed with a device signature using a device private key. The system may authorize the first authentication token by verifying the device signature and the server signature on the authentication token using the device public key and a server public key respectively. Further, the system may transmit, after the authorization, the authentication token to the electronic device via the second application server. The system may enable the electronic device to access the second mobile application using the authentication token authorized. The server signature and the device signature will be a "digital signature" or an "electronic signature" that will ensure authenticity or validity of the authentication token);

and wherein the second server is authenticated if the signature is determined to be valid
(Para: 0021 and Para:0023 teaches the authentication token received from the second application server is signed with a device signature using a device private key, as such the signature is determined to be valid based on the device private key).



13.  Regarding claims 4 and 13 Taveau teaches the method and system, wherein transmitting the token to the second server comprises transmitting the token to the app installed on the terminal device, and the app transmitting the token to the second server (Fig.2 and Para: 0030 teaches each sub-token will be created for a particular app on device 104 and may be used only by the app for which the sub-token has been created. For example, sub-token 203 belongs to commercial entity app 234, running on device 104 and which may be used to interact with commercial entity 130 by communicating with purchase app 134. Similarly, sub-token 202 belongs to financial service provider app 224, and so forth as seen in FIG. 2. Each sub-token may be created for its particular app by a service provider app (e.g., app 112 or app 114) which may be running on device 104 and which may be the same app which generates the master token 201. Alternatively, each app may create its own sub-token using permissions and access granted to the master token 201. For example, app 234 may create sub-token 203, app 224 may create sub-token 202, app 244 may create sub-token 204, and app 254 may create sub-token 205. Creation of sub-tokens may be facilitated by the use of an API for each app, e.g., apps 234, 224, 244, 254, including the "master" service provider app, e.g., apps 112, 114. 
Para: 0037-0038 teaches when the user launches apps (e.g., any of apps 224, 234, 244, 254), the user may be not asked to enter credentials (e.g., phone number and PIN or email and password) as the user has already been verified if the quality score from the master token 201 is in line with the policy developed and accepted by the service provider SP. The app may jump 

14. Claims 5 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over Taveau (US Pub.2013/0174244) and in view of Shukla (US Pub.No.2015/0149766) as applied to claims 3 and 12 above and further in view of Balfanz (US Pat.No.9,325,696).

15. Regarding claims 5 and 14 Taveau in view of Shukla teaches all the above claimed limitations, but does not expressly teach the method and system, wherein the second server is associated with a first key; wherein the signature is generated with a second key; and wherein the signature is determined to be valid if the second key matches the first key.

Balfanz  teaches the method and the system, wherein the second server is associated with a first key [login token] (Col.6, lines.46-47 teaches the web server 302 decodes the login token and check its validity); wherein the signature is generated with a second key [signature bits] (Col.6, lines.22-24 teaches signature code include cryptographic signature bits); and wherein the signature is determined to be valid if the second key matches the first key (Col.6, lines. 31 -58 teaches web server 302 may confirm that the digital signature contained in the "auth=[signature]" bits, verify that an expiration time encoded in the same bits has not expired (for example, by comparing the expiration time against a current server time or by requesting confirmation that the login token remains valid from authentication server 312, decode the user identity. Upon successful verification of the login token, the server may log in the user).

Therefore, to would have been obvious to one of the ordinary skill in the art before the effective filing date of the invention was filed to modify Taveau in view of Shukla to include the second server is associated with a first key, wherein the signature is generated with a second key, and wherein the signature is determined to be valid if the second key matches the first key as taught by Balfanz, since such a setup will result in automatic login to the website, before the expiration time (abstract).

16. Claims 9 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Taveau (US Pub.2013/0174244) as applied to claims 1 and 10 and in view of VanBlon (US Pub.No.2014/0208407).

 16. Regarding claims 9, 18 Taveau teaches all the above claimed limitations, but does not expressly teach the method and system, wherein the account information transmitted to the second server includes a third identifier associated with the second account; wherein the account information is generated based on an association between the first identifier and the third identifier.

VanBlon teaches the method and system, wherein the account information transmitted to the second server includes a third identifier associated with the second account; wherein the account information is generated based on an association between the first identifier and the third identifier (Para:0029-0030 teaches obtains a token after the user logs into the client side app [first app server], the application passes the token and the destination URL to a remote server to log the user into the remote server [second app server], Para: 0034-0038 teaches an IP address of the requestor, which is the third identifier herein).



                                                      Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DEREENA T CATTUNGAL whose telephone number is (571)270-0506.  The examiner can normally be reached on Mon-Fri: 7:30 AM-5 PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached on 571-272-2092.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/DEREENA T CATTUNGAL/Examiner, Art Unit 2431