DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This Office Action is in response to the amendment filed on 5/11/2020 to application 15/787,812.
In the instant Amendment, claims 1, 3, 5-6, 15, and 17-18 have been amended.  Claims 4, 7, and 16 have been canceled.  Claims 1, 3 and 15 are independent claims.  Claims 1-3, 5-6, 8-15, and 17-20 have been examined and are pending.  This Action is made Non-Final.

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 5/11/2020 has been entered.




 
Response to Arguments
Applicant’s arguments, see Remarks, filed 5/11/2020, with respect to the rejection(s) of claim(s) under Guo (2009/0300744) have been fully considered and are persuasive.  Therefore, the rejection has been withdrawn.  However, upon further consideration, a new ground(s) of rejection is made in view of Vimpari (2012/0066767).
The Applicant argues in remarks pages 7-8, the limitations, “packaging, by the authentication process, the data representative of user credentials with a device identification assigned to the computing device, wherein packaging comprises packaging the user credentials with the device identification and an application indication that the user credentials correspond to the application, wherein the device identification is only known to the computing device, authentication process, and authentication server, and is hidden from the application.”  The Applicant’s argument is moot, because the prior art of Kumar or Guo do not disclose this limitation.  New art has been applied to reject this limitation (see below for details).
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically discloses as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is 
Claim 1-3, 5-6, 9-13, 15, and 17-20 are rejected under 35 U.S.C. 103 as being unpatentable over Kumar et al. (“Kumar”, US 2013/0104219), published on April 25, 2013, in view of Guo et al. (“Vimpari”, US 2012/0066767), published on March 15, 2012.
 Regarding claim 1, Kumar discloses a method comprising:     receiving, from an application executing on a computing device and by an authentication process executing on the computing device, data representative of user credentials corresponding to the application, the authentication process being isolated from the application (Kumar: par. 29; data processing system checks to determine whether the received user name and password; par. 21; each client application 145 and 149 is configured to provide authentication information in connection with each request for service that it makes; par. 22; a user of the wireless mobile communication device 143 wishes to request a service from a network application; par. 24; token manager 147 [executing on user device] requests various pieces of security information from the user of the wireless mobile communication device 143, such as the name of the user, the user's password);     outputting for transmission, by the authentication process and to the authentication server, an authentication request containing the user credentials and device identification (Kumar: par. 26; token manager causes this information to be sent to a network authentication system; par. 30; name and password are received by the user-password database system which checks to determine whether they match a name; par. 38; data processing system determines whether the device information that it received from the wireless mobile communication device matches device information that is contained in a database);     receiving, by the authentication process and from the authentication server, an indication of authentication of the user credentials (Kumar: par. 43; if all checks are successfully completed, request a session token from a token database system; in response, the token database system creates or obtains a token [e.g., indication] and returns it [e.g., token is the indication] to the network authentication system); and     forwarding the received indication from the authentication process to the application (Kumar: par. 43; send this received session token back to the wireless mobile communication device).     Kumar does not explicitly disclose packaging, by the authentication process, the data representative of user credentials with a device identification assigned to the computing device and an indication that the user credentials correspond to the application, wherein packaging comprises packaging the user credentials with the device identification and an indication that the user credentials correspond to the application, the device identification being hidden from the application, and only known to the computing device, authentication process, and authentication server.     However, in an analogous art, Vimpari discloses disclose packaging, by the authentication process, the data representative of user credentials with a device identification assigned to the computing device (Vimpari: para. 0024-0025, packaging, by the authentication process (i.e. taking place on the data communication platform), the user credentials (i.e. user identifiers) with a device identification (i.e. device identifier) assigned to the UE (i.e. computing device), the packaging is done by combining the user identifiers and device identifier to generate a recipient identifier) and an indication that the user credentials correspond to the application (Vimpari: para. 0024-0025, identification that the user identifiers (i.e. user credentials correspond to the application #113, the application has an application identifier), wherein packaging comprises packaging the user credentials with the device identification and an indication that the user credentials correspond to the application (Vimpari: para. 0003, 0024-0025, packaging, the user credentials (i.e. user identifiers) with a device identification (i.e. device identifier) assigned to the UE (i.e. computing device), the packaging is done by combining the user identifiers and device identifier to generate a recipient identifier, and there is also an application identifier associated with the application), the device identification being hidden from the application, and only known to the computing device, authentication process, and authentication server (Vimpari: para. 0019, 0024, 0040,  the device identifier(s) is hidden, because Vimpari discloses the application #113, third-party application does not know or have access to the specific identifiers associated with the UE, only known to the computing device (i.e. UE) authentication process (i.e. taking place on data communication platform, and authentication server (service authenticator)).  
     Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Vimpari with the method of Kumar to include; packaging, by the authentication process, the data representative of user credentials with a device identification assigned to the computing device and an indication that the user credentials correspond to the application, wherein packaging comprises packaging the user credentials with the device identification and an indication that the user credentials correspond to the application, the device identification being hidden from the application, and only known to the computing device, authentication process, and authentication server; the motivation is that due to the third party nature of the third party service, it may be preferable to (Vimpari: para. 0001).  
   Regarding claim 2, Kumar and Vimpari disclose the method of Claim 1. Kumar further discloses wherein the device identification is used for message routing between the authentication server and the computing device (Kumar: par. 53; facilitate a different routing of the requests for services; each client application in FIG. 1 is configured to send each request for a service to the application server that is managing the network application from which the services are desired. The receiving network application then verifies the validity of the session token that is included with the request by communicating with the token database system); andthe user credentials comprise a username and password, and the password is not communicated to an application server corresponding to the application (Kumar: par. 58; if the response indicates that the token is valid; deliver the request for service to the target network application, such as to the application server; the request for service need not be accompanied by the session token or any other type of authentication information. [e.g., user credentials hidden from application]).
     Regarding claim 3 Kumar discloses a method comprising: receiving, by an authentication process executing on a computing device, data representative of user credentials corresponding to an application (Kumar: par. 29; data processing system checks to determine whether the received user name and password; par. 21; each client application 145 and 149 is configured to provide authentication information in connection with each request for service that it makes; par. 22; a user of the wireless mobile communication device 143 wishes to request a service from a network application [e.g., an application]; par. 24; token manager 147 [executing on user device] requests various pieces of security information from the user of the wireless mobile communication device 143, such as the name of the user, the user's password);outputting for transmission, by the authentication process and to an authentication server, an authentication request containing the packaged user credentials and device identification (Kumar: par. 26; token manager 147 causes this information to be sent to a network authentication system; par. 30; name and password are received by the user-password database system 103 which checks to determine whether they match a name; par. 38; data processing system 125 determines whether the device information that it received from the wireless mobile communication device matches device information that is contained in a database); andreceiving, by the authentication process and from the authentication server, and in response to the authentication request, an indication of authentication of the user credentials (Kumar: par. 43; if all checks are successfully completed, request a session token from a token database system; in response, the token database system creates or obtains a token [e.g., indication] and returns it to the network authentication system).     Kumar does not explicitly disclose packaging, by the authentication process, the data representative of user credentials with a device identification assigned to the computing device, wherein packaging comprises packaging the user credentials with the device identification and an application indication that the user credentials correspond to the application, wherein the device identification is only known to the computing device, authentication process, and authentication server, and is hidden from the application.  
     However, in an analogous art, Vimpari discloses packaging, by the authentication process, the data representative of user credentials with a device identification assigned to the computing device (Vimpari: para. 0024-0025, packaging, by the authentication process (i.e. taking place on the data communication platform), the user credentials (i.e. user identifiers) with a device identification (i.e. device identifier) assigned to the UE (i.e. computing device), the packaging is done by combining the user identifiers and device identifier to generate a recipient identifier), wherein packaging comprises packaging the user credentials with the device identification and an application indication that the user credentials correspond to the application (Vimpari: para. 0024-0025, identification that the user identifiers (i.e. user credentials correspond to the application #113, the application has an application identifier), wherein the device identification is only known to the computing device, authentication process, and authentication server, and is hidden from the application (Vimpari: para. 0019, 0024, 0040,  the device identifier(s) is hidden, because Vimpari discloses the application #113, third-party application does not know or have access to the specific identifiers associated with the UE, only known to the computing device (i.e. UE) authentication process (i.e. taking place on data communication platform, and authentication server (service authenticator)).
     Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Vimpari with the method of Kumar to include; packaging, by the authentication process, the data representative of user credentials with a device identification assigned to the computing device, wherein packaging comprises packaging the user credentials with the device identification and an application indication that the user credentials correspond to the application, wherein the device identification is only known to the computing device, authentication process, and authentication server, and is hidden from the application; the motivation is that due to the third party nature of the third party service, it may be preferable to prevent the third party service from accessing some information about the device and user identity (Vimpari: para. 0001).  
Regarding claim 5, Kumar and Vimpari disclose the method of Claim 3. Kumar further discloses further comprising forwarding the authentication indication from the authentication process to the application (Kumar: par. 58; the response indicates that the token is valid; deliver the request for service to the target network application, such as to the application server).
     Regarding claim 6, Kumar and Vimpari disclose the method of Claim 3. Kumar further discloses further comprising outputting for transmission, by the authentication process and to an application server associated with the application, the authentication indication (Kumar: par. 58; if the response from the token database system indicates that the token is valid).
     Regarding claim 9, Kumar and Vimpari disclose the method of Claim 3.  Kumar further discloses wherein the device identification is used for message routing between the authentication server and the computing device (Kumar: par. 54; routes these request for service differently. Each client application in the wireless mobile communication device is configured to send each of its requests for service, including the session token, to the network authentication system, rather than to the application server running the target network application).
     Regarding claim 10, Kumar and Vimpari disclose the method of Claim 3. Kumar further discloses wherein the user credentials comprise a username and password, and the password is not communicated to an application server corresponding to the application (Kumar: par. 58; the response indicates that the token is valid; deliver the request for service to the target network application, such as to the application server; the request for service need not be accompanied by the session token or any other type of authentication information. [e.g., information hidden from application]).
     Regarding claim 11, Kumar and Vimpari disclose the method of Claim 3.  Kumar further discloses further comprising maintaining a persistent secured connection between the computing device and the authentication server, wherein the user device transmits the authentication request to and receives the indication of authentication of the user credentials from the authentication server over the persistent secured connection (Kumar: par. 58; the network applications and the services that they provide may be secured by insuring that the application servers that manage the network applications, such as the applications severs are part of a highly secure network).
    Regarding claim 12, Kumar and Vimpari disclose the method of Claim 3, Kumar further discloses wherein receiving data representative of user credentials comprises receiving the data from the application (Kumar: par. 21; each client application 145 and 149 is configured to provide authentication information in connection with each request for service that it makes).
    Regarding claim 13, Kumar and Vimpari disclose the method of Claim 3.  Kumar further discloses wherein the authentication process is isolated from the application (Kumar: par. 21; each client application 145 and 149 is configured to provide authentication information in connection with each request for service that it makes; par. 24; token manager 147 [executing on user device] requests various pieces of security information from the user of the wireless mobile communication device, such as the name of the user, the user's password; par. 18; a network application running on an application server).
    Regarding claim 15, claim 15 is directed to a non-transitory computer readable medium configured to perform the steps claimed in claim 3 (Kumar: par. 63; software stored on one or more non-transitory devices; instructions are configured to implement). Claim 15 is similar in scope to claim 3 and is therefore rejected under similar rationale.
    Regarding claim 17, claim 17 is directed to the medium of claim 15. Claim 17 is similar in scope to claim 5 and is therefore rejected under similar rationale.
    Regarding claim 18, claim 18 is directed to the medium of claim 15. Claim 18 is similar in scope to claim 6 and is therefore rejected under similar rationale.
    Regarding claim 19, claim 19 is directed to the medium of claim 15. Claim 19 is similar in scope to claim 9 and is therefore rejected under similar rationale.
    Regarding claim 20, claim 20 is directed to the medium of claim 15. Claim 20 is similar in scope to claim 13 and is therefore rejected under similar rationale.

9.  Claims 8 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over Kumar et al. (“Kumar”, US 2013/0104219), published on April 25, 2013, in view of Vimpari (“Vimpari”) 2012/0066767), published March 15, 2012, and further in view of Guo et al. (“Guo”, US 2009/0300744), published on December 3, 2009.  
     Regarding claim 8, Kumar and Vimpari disclose the method of Claim 3.  
     Kumar and Vimpari does not explicitly disclose wherein the authentication server stores the user credentials in a table with the device identification serving as a key to an entry in the table.
     Guo discloses wherein the authentication server stores the user credentials in a table with the device identification serving as a key to an entry in the table (Guo: par. 15; account information is stored in a data repository that is accessible by the account authority service; an account record may include a username, password, one or more device IDs with their corresponding device passwords and user-friendly device name, among other data items; par. 18; records [stores] the device ID in the data repository in association with the username to establish a trust relationship between the user and the user device).     Therefore, it would have been obvious to one of ordinary skill in the art at before the effective filing date of the claimed invention to combine the teachings of Guo with the method of Kumar-Vimpari to include wherein the authentication server stores the user credentials in a table with the device identification serving as a key to an entry in the table; the motivation is that to provide users with a means for decreasing the risk of authorizing an unauthorized device (Guo: pars. 0002-0003).
     Regarding claim 14, Kumar and Vimpari disclose the method of Claim 3. 
     Kumar and Vimpari do not explicitly disclose in response to the indication of authentication of the user credentials indicating that no user credentials are associated with the device identification, outputting for display an indication that no user credentials are associated with the computing device; receiving a user indication to associate the computing device with another computing device; outputting for transmission, by the authentication process and to the authentication server after the device identification assigned to the computing device is associated with a device identification assigned to the another computing device, a new authentication request containing the user credentials packaged with the device identification of the computing device; receiving, by the authentication process and from the authentication server, and in response to the new authentication request, a new indication of authentication of the user credentials; and forwarding the new indication from the authentication process to the application, wherein the indication received in response to the authentication request is not forwarded to the application.
(Guo: par. 37; if the user-device-supplied credentials do not satisfy the security requirements of the secure server, the account authority service may prompt the user device for addition credentials);  receiving a user indication to associate the computing device with another computing device (Guo: par. 46; another remote user attempts to connect with the user device through the remote user device, the remote user device requests from the account authority service a list of shareable devices associated with the first user);  outputting for transmission, by the authentication process and to the authentication server after the device identification assigned to the computing device is associated with a device identification assigned to the another computing device, a new authentication request containing the user credentials packaged with the device identification of the computing device (Guo: par. 40; a user operating the user device can publish a list of trusted devices he or she is willing to share with other users; par. 46; when another remote user attempts to connect with the user device through the remote user device; par. 46; account authority service looks up the first user's account information, determines which of the user's devices are published as shareable and whether the requesting remote user is authorized for sharing the devices); receiving, by the authentication process and from the authentication server, and in response to the new authentication request, a new indication of authentication of the user credentials (Guo: par. 46; remote user can select one of the shareable devices, returning the selection to the account authority service; account authority service then extracts the selected device's device ID from the user's account information and returns the device ID of the selected device to the remote user device; par. 47; having obtained the device ID of a selected shareable device, the remote user device can connect); and forwarding the new indication from the authentication process to the application, wherein the indication received in response to the authentication request is not forwarded to the application (Guo: par. 47; par. 47; having obtained the device ID of a selected shareable device, the remote user device can connect [e.g., user device not involved in authentication]).     Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Guo with the method of Kumar-Vimpari to include; in response to the indication that no user credentials are associated with the device identification, outputting for display an indication; receiving a user indication to associate the computing device with another computing device; outputting after the device identification assigned to the computing device is associated with a device identification assigned to the another computing device, a new authentication request; and forwarding the new indication to the application, not forwarded to the application; the motivation is to provide users with a means for designate another user device to be trusted on the network (Guo: par. 44).

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JENISE E JACKSON whose telephone number is (571)272-3791.  The examiner can normally be reached on M-F 8:00am-4:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is 
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu T Pham can be reached on (571)270-5002.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

5/18/2021
/J.E.J/Examiner, Art Unit 2439   


/LUU T PHAM/Supervisory Patent Examiner, Art Unit 2439