PNG
    media_image1.png
    172
    172
    media_image1.png
    Greyscale
United States Patent and Trademark Office
Commissioner for Patents
United States Patent and Trademark Office
P.O. Box 1450
Alexandria, VA 22313-1450
www.uspto.gov











BEFORE THE BOARD OF PATENT APPEALS
AND INTERFERENCES



Application Number: 15/999,154
Filing Date: August 17, 2018
Appellant(s): Transform SR Brands LLC



__________________
Wayne H. Bradley
Reg. No. 39,916
For Appellant


EXAMINER'S ANSWER




This is in response to the appeal brief filed 2/1/2021.  

(1) Grounds of Rejection to be Reviewed on Appeal
Every ground of rejection set forth in the Final Office Action dated 9/4/2010 from which the appeal is taken is being maintained by the examiner except for the grounds of rejection (if any) listed under the subheading “WITHDRAWN REJECTIONS.”  New grounds of rejection (if any) are provided under the subheading “NEW GROUNDS OF REJECTION.”
The following ground(s) of rejection are applicable to the appealed claims:

Claim Rejections - 35 USC § 103
1.	In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

2.	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

3.	Claims 1-3, 5-12, 14-17, 19 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Grajek (US PG Pub. 2014/0082715 A1) in view of Soin (US PG Pub. 2008/0127323).
As regarding claim 1, Grajek discloses A system for accessing protected data, the system comprising: 
a secure storage shared between two or more applications on a computing device [para. 28; the persistent identity token is stored in a key store accessible to a plurality of apps]; 
a processor [para. 128]; and 
a memory storing a set of instructions [para. 128] that, when executed by the processor, at least cause the system to: 
obtain a first token associated with a user identity for accessing a first application [para. 27-28; obtaining a persistent identity token]; 
store the first token in the secure storage [para. 28; storing the persistent identity token in a native keystore]; 
send, to an authorization service, the first token, an identifier of a second application, and a device identifier [para. 34, 60, and 90; sending the persistent token, second client app and/or mobile device to the authentication server for additional authentication];  
receive, from the authorization service, a second token authorizing communication between the second application and a web service [para. 60 and 91; the browser receives a new persistent token]; 
Grajek discloses stor[ing] the second token in the secure storage [para. 91; the browser stores the new persistent token].  Grajek does not explicitly discloses the second token replacing the first token; however, Soin discloses it [para. 33 and 65; the new authentication cookie replaces the old authentication cookie].
It would have been obvious to one of ordinary skill in the art at the time the effective filing of the invention to modify Grajek’s storing a second token to further 
access, from the web service, protected data associated with the user identity [para. 66 and 95; the client app may use the token to access enterprise service].  

As regarding claim 2, Grajek further discloses The system of claim 1, wherein the instructions that cause the system to obtain a token, further comprise instructions to: 
receive user credentials for a log in to the first application [para. 25-27 and 104; the browser receives user’s credentials]; 
send the user credentials to the authorization service [para. 25-27; the browser sends the user’s credentials to the authentication server for verification]; and 
verify the user credentials at the authorization service [para. 25-27 and 104; the authentication server verifies the user’s credentials].  

As regarding claim 3, Grajek further discloses The system of claim 1, wherein the secure storage is a keychain on an operating system of the computing device [para. 28; the persistent identity token is stored in a key store].  

As regarding claim 5, Grajek further discloses The system of claim 1, wherein at least one of the tokens are valid for a predetermined period of time [para. 28; the token is expired at the token/credential expiration time].  
As regarding claim 6, Grajek further discloses The system of claim 1, wherein the first token is a proxy granting ticket (PGT) [para. 67 and 72; the token is a persistent/session ticket .  

As regarding claim 7, Grajek further discloses The system of claim 1, wherein the second token is a proxy ticket (PT) [para. 67 and 72; the token is a persistent/session ticket (valid for one browser session or other short time [para. 57 and 34])].  

As regarding claim 8, Grajek discloses A method for accessing protected data, comprising: 
obtaining a first token associated with a user identity for accessing a first application on a computing device [para. 27-28; obtaining a persistent identity token]; 
storing the first token in a secure storage on the computing device, wherein the secure storage is shared between two or more applications on the computing device [para. 28; storing the persistent identity token in a native keystore shared by plurality of apps];
sending, to an authorization service, the first token, an identifier of a second application, and a computing device identifier [para. 34, 60, and 90; sending the persistent token, second client app and/or mobile device to the authentication server for additional authentication]; 
receiving, from the authorization service, a second token authorizing communication between the second application and a web service [para. 60 and 91; the browser receives a new persistent token]; 
Grajek discloses stor[ing] the second token in the secure storage [para. 91; the browser stores the new persistent token].  Grajek does not explicitly discloses the second token replacing 
It would have been obvious to one of ordinary skill in the art at the time the effective filing of the invention to modify Grajek’s storing a second token to further comprise replacing the first token, as disclosed by Soin, in order to save storage space, thus, making the overall operation of the system more efficient. 
accessing, from the web service, protected data associated with the user identity [para. 66 and 95; the client app may use the token to access enterprise service].  

As regarding claim 9, Grajek further discloses The method of claim 8, further comprising: 
determining whether the first token is available in the secure storage [para. 28, 60, 104; determining if a previous persistent token is found]; and 
requesting user credentials if the token is unavailable [para. 28, 60, 104; perform user authentication if a previous persistent token is not found].  

As regarding claim 10, Grajek further discloses The method of claim 8, wherein the first token is a proxy granting ticket and the second token is a proxy ticket [para. 67 and 72; the token is a persistent/session ticket].  

As regarding claim 11, Grajek further discloses The method of claim 8, further comprising entering a user name and password to obtain the token [para. 26, 60, 65, and 104].  

As regarding claim 12, Grajek further discloses The method of claim 8, wherein the secure storage is a keychain on an operating system of the computing device [para. 28; the persistent identity token is stored in a key store].  

As regarding claim 14, Grajek further discloses The method of claim 8, wherein authorizing a communication between the second application and the web service comprises establishing a session for a period of time [para. 28; the token is expired at the token/credential expiration time].  

As regarding claim 15, Grajek discloses A non-transitory computer-readable storage medium comprising instructions stored thereon that, when executed by a computing device, cause the computing device to at least:  - 21 -Attorney Docket No. 105562.002019 
obtain a first token associated with a user identity for accessing a first application [para. 27-28; obtaining a persistent identity token]; 
store the first token in the secure storage [para. 28; storing the persistent identity token in a native keystore]; 
send, to an authorization service, the first token, an identifier of a second application, and a device identifier [para. 34, 60, and 90; sending the persistent token, second client app and/or mobile device to the authentication server for additional authentication]; 
receive, from the authorization service, a second token authorizing communication between the second application and a web service [para. 60 and 91; the browser receives a new persistent token]; 
Grajek discloses stor[ing] the second token in the secure storage [para. 91; the browser stores the new persistent token].  Grajek does not explicitly discloses the second token replacing the first token; however, Soin discloses it [para. 33 and 65; the new authentication cookie replaces the old authentication cookie].
It would have been obvious to one of ordinary skill in the art at the time the effective filing of the invention to modify Grajek’s storing a second token to further comprise replacing the first token, as disclosed by Soin, in order to save storage space, thus, making the overall operation of the system more efficient. 
Grajek discloses stor[ing] the second token in the secure storage [para. 91; the browser stores the new persistent token].  Grajek does not explicitly discloses the second token replacing the first token; however, Soin discloses it [para. 33 and 65; the new authentication cookie replaces the old authentication cookie].
It would have been obvious to one of ordinary skill in the art at the time the effective filing of the invention to modify Grajek’s storing a second token to further comprise replacing the first token, as disclosed by Soin, in order to save storage space, thus, making the overall operation of the system more efficient.
access, from the web service, protected data associated with the user identity [para. 66 and 95; the client app may use the token to access enterprise service].  

As regarding claim 16, Grajek further discloses The non-transitory computer-readable storage medium of claim 15, further comprising instructions to: 
receive user credentials for a log in to the first application [para. 25-27 and 104; the browser receives user’s credentials]; 
send the user credentials to the authorization service [para. 25-27; the browser sends the user’s credentials to the authentication server for verification]; and 
verify the user credentials at the authorization service [para. 25-27 and 104; the authentication server verifies the user’s credentials].  

As regarding claim 17, Grajek further discloses The non-transitory computer-readable storage medium of claim 15, wherein the secure storage is a keychain on an operating system of the computing device [para. 28; the persistent identity token is stored in a key store].  

As regarding claim 19, Grajek further discloses The non-transitory computer-readable storage medium of claim 15, wherein at least one of the tokens are valid for a predetermined period of time [para. 28; the token is expired at the token/credential expiration time].  

As regarding claim 20, Grajek further discloses The non-transitory computer-readable storage medium of claim 15, wherein the first token is a proxy granting ticket and the second token is a proxy ticket [para. 67 and 72; the token is a persistent/session ticket].
 


(2) Response to Arguments
Appellant's arguments filed 2/1/2021 have been fully considered but they are not persuasive.
a)	With respect to claims 1, 8 and 15:
In the arguments, Appellant contended that combination of Grajek and Soin does not teach or disclose “stor[ing] the second token in the secure storage to replace the first token”.   
Claim 1 only requires storing the first token and the second token in the secure storage area.  Similarly, Grajek discloses storing a first persistent identity token or “first token” associated with a first application in a secure key [para. 28] and a second persistent identity token or “second token” associated with a second application in the secure key [para. 91].  Claim 1 also requires “stor[ing] the second token in the secure storage to replace the first token”.  In other words, claim 1 only requires replacing the old first token with a new second token which is not disclosed by Grajek. However, Soin discloses it [para. 33 and 65; the new authentication cookie replaces the old authentication cookie]. Therefore, Grajek’s storing a first token and a second token in a secure storage when combined with Soin’s replacing an old first token with a new second token reads on “stor[ing] the second token in the secure storage to replace the first token” as recited in claim 1.
In responding to Appellant’s argument “Grajek combined with Soin results in a less efficient operation” with respect to motivation to combine the two references, Examiners respectfully disagree.  The motivation to modify Grajek’s storing the second token to further comprise storing the second token to replace the already stored first token, as disclosed by Soin, in order to save storage space, thus, making the overall operation of the system more efficient.
Claims 8 and 15 are also rejected based on the same arguments that are discussed above regarding claim 1.  

b)	With respect to claims 6, 10 and 20:
	Appellant alleged that Grajek does not disclose that the first token is a proxy granting ticket.  Examiners respectfully disagree.  Grajek discloses that the persistent token/session ticket is being issued by the authentication appliance [para. 58, 67 and 72].  The authentication appliance acts as a proxy server on the user’s behalf to allow the user to access network services [para. 46].  Therefore, Grajek’s persistent token/session ticket granted by authentication appliance is the same as “the first token is a proxy granting ticket”.

c)	With respect to claims 7, 10 and 20:
	Appellant alleged that Grajek does not disclose that the second token is a proxy granting ticket.  Examiners respectfully disagree.  Grajek discloses that the second stronger persistent token/session ticket is also being issued by the authentication appliance [para. 34, 57, 67 and 72].  The authentication appliance acts as a proxy server on the user’s behalf to allow the user to access network services [para. 46].  Thus, the second persistent token/session ticket would be construed as a proxy ticket since it is issued by authentication appliance or “proxy”.  Therefore, Grajek’s second persistent token/session ticket issued by authentication appliance is the same as the second token is a proxy ticket.

For the above reasons, it is believed that the rejections of claims 1-3, 5-12, 14-17, 19 and 20 should be sustained.
WITHDRAWN REJECTIONS
Appellant’s arguments with respect to rejections of claims 4, 13 and 18 have been found persuasive.  Therefore, rejections of claims 4, 13, and 18 are withdrawn.

(3) Requirement to pay appeal forwarding fee
 	In order to avoid dismissal of the instant appeal in any application or ex parte reexamination proceeding, 37 CFR 41.45 requires payment of an appeal forwarding fee within the time permitted by 37 CFR 41.45(a), unless appellant had timely paid the fee for filing a brief required by 37 CFR 41.20(b) in effect on March 18, 2013.

Respectfully submitted,
/THONG P TRUONG/
Examiner, Art Unit 2433      

/JEFFREY C PWU/            Supervisory Patent Examiner, Art Unit 2433                                                                                                                                                                                            


CONFEREES:

/ELLEN TRAN/Primary Examiner, Art Unit 2433       

/JEFFREY C PWU/Supervisory Patent Examiner, Art Unit 2433